diff options
| -rw-r--r-- | configure.ac | 3 | ||||
| -rw-r--r-- | src/core/Makefile.am | 5 | ||||
| -rw-r--r-- | src/core/capsicum.c | 46 | ||||
| -rw-r--r-- | src/core/capsicum.h | 7 | ||||
| -rw-r--r-- | src/core/core.c | 3 |
5 files changed, 63 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index f0c4cc5d..773f9eea 100644 --- a/configure.ac +++ b/configure.ac @@ -167,7 +167,7 @@ AC_ARG_ENABLE(gregex, want_gregex=yes) AC_ARG_WITH(capsicum, -[ --with-capsicum Build with Capsicum support], +[ --with-capsicum Build with Capsicum support], if test x$withval = xno; then want_capsicum=no else @@ -526,6 +526,7 @@ AM_CONDITIONAL(BUILD_IRSSIBOT, test "$want_irssibot" = "yes") AM_CONDITIONAL(BUILD_IRSSIFUZZER, test "$want_irssifuzzer" = "yes") AM_CONDITIONAL(BUILD_IRSSIPROXY, test "$want_irssiproxy" = "yes") AM_CONDITIONAL(HAVE_PERL, test "$want_perl" != "no") +AM_CONDITIONAL(HAVE_CAPSICUM, test "x$want_capsicum" = "xyes") AM_CONDITIONAL(USE_GREGEX, test "x$want_gregex" = "xyes") # move LIBS to PROG_LIBS so they're not tried to be used when linking eg. perl libraries diff --git a/src/core/Makefile.am b/src/core/Makefile.am index 91daba3f..f3bc1674 100644 --- a/src/core/Makefile.am +++ b/src/core/Makefile.am @@ -56,6 +56,11 @@ libcore_a_SOURCES = \ tls.c \ write-buffer.c +if HAVE_CAPSICUM +libcore_a_SOURCES += \ + capsicum.c +endif + structure_headers = \ channel-rec.h \ channel-setup-rec.h \ diff --git a/src/core/capsicum.c b/src/core/capsicum.c new file mode 100644 index 00000000..702b895a --- /dev/null +++ b/src/core/capsicum.c @@ -0,0 +1,46 @@ +/* + capsicum.c : Capsicum sandboxing support + + Copyright (C) 2017 Edward Tomasz Napierala <trasz@FreeBSD.org> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +#include "module.h" +#include "signals.h" +#include "commands.h" + +#include <sys/capsicum.h> +#include <string.h> + +static void cmd_cap_enter(void) +{ + int error; + + error = cap_enter(); + if (error != 0) + g_error("cap_enter(2) failed: %s", strerror(errno)); +} + +void capsicum_init(void) +{ + + command_bind("cap_enter", NULL, (SIGNAL_FUNC) cmd_cap_enter); +} + +void capsicum_deinit(void) +{ + command_unbind("cap_enter", (SIGNAL_FUNC) cmd_cap_enter); +} diff --git a/src/core/capsicum.h b/src/core/capsicum.h new file mode 100644 index 00000000..75c70080 --- /dev/null +++ b/src/core/capsicum.h @@ -0,0 +1,7 @@ +#ifndef __CAPSICUM_H +#define __CAPSICUM_H + +void capsicum_init(void); +void capsicum_deinit(void); + +#endif diff --git a/src/core/core.c b/src/core/core.c index bf7cdd6b..72631f91 100644 --- a/src/core/core.c +++ b/src/core/core.c @@ -29,6 +29,7 @@ #include "signals.h" #include "settings.h" #include "session.h" +#include "capsicum.h" #include "chat-protocols.h" #include "servers.h" @@ -235,6 +236,7 @@ void core_init(void) commands_init(); nickmatch_cache_init(); session_init(); + capsicum_init(); chat_protocols_init(); chatnets_init(); @@ -292,6 +294,7 @@ void core_deinit(void) chatnets_deinit(); chat_protocols_deinit(); + capsicum_deinit(); session_deinit(); nickmatch_cache_deinit(); commands_deinit(); |