authorTheo de Raadt <deraadt@cvs.openbsd.org>2016-09-01 00:21:37 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2016-09-01 00:21:37 +0000
commitd1b15db66bfccd488e8f2b44f78b10a82130b284 (patch)
treeb1debe60ba2b1b44d5fa5a01a570d6a15c7e0c97 /usr.sbin/acme-client/certproc.c
parent45dc68e0a5bc4baedd4a5b2ebf32aac2e9b2012b (diff)
Collapse krazy abstractions for other sandbox models, using chroot and
pledge directly as needed. ok florian
Diffstat (limited to 'usr.sbin/acme-client/certproc.c')
-rw-r--r--usr.sbin/acme-client/certproc.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/usr.sbin/acme-client/certproc.c b/usr.sbin/acme-client/certproc.c
index a75112b84ee..b005f647566 100644
--- a/usr.sbin/acme-client/certproc.c
+++ b/usr.sbin/acme-client/certproc.c
@@ -1,4 +1,4 @@
-/* $Id: certproc.c,v 1.3 2016/08/31 23:53:58 benno Exp $ */
+/* $Id: certproc.c,v 1.4 2016/09/01 00:21:36 deraadt Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -104,17 +104,12 @@ certproc(int netsock, int filesock)
/* File-system and sandbox jailing. */
- if ( ! sandbox_before())
- goto out;
-
ERR_load_crypto_strings();
- if ( ! dropfs(PATH_VAR_EMPTY))
- goto out;
- else if ( ! dropprivs())
- goto out;
- else if ( ! sandbox_after())
+ if (pledge("stdio", NULL) == -1) {
+ warn("pledge");
goto out;
+ }
/* Read what the netproc wants us to do. */
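Review bot: The comment `/* File-system and sandbox jailing. */` at the top of this hunk no longer matches the code under it. The `dropfs(PATH_VAR_EMPTY)` and `dropprivs()` calls are removed, so `pledge("stdio", NULL)` is now the only confinement applied in `certproc`. The process that parses certificate data therefore keeps whatever uid and root directory it inherited, and nothing visible in this hunk shows credentials being dropped elsewhere. If that is intended, I would say so in the comment, for example `/* Confine with pledge("stdio") only; no chroot or uid drop is done here. */`; if not, the uid drop should be kept ahead of the pledge call. The body of `certproc` starts and ends outside the hunk.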