1 #include "../../system.h"
4 #include "../../sandbox.h"
6 static const char *promises =
8 " rpath" // Read configs & keys
10 " cpath" // Create same
11 " fattr" // chmod() same
12 " proc" // Check that tincd is running with kill()
13 " dns" // Resolve domain names
14 " inet" // Check that port is available
15 " unix" // Control connection to tincd
16 " exec" // Start tincd
17 #if defined(HAVE_CURSES) || defined(HAVE_READLINE)
22 static sandbox_level_t current_level = SANDBOX_NONE;
24 void sandbox_set_level(sandbox_level_t level) {
25 current_level = level;
28 bool sandbox_enter() {
29 if(current_level == SANDBOX_NONE) {
32 return restrict_privs(promises, PROMISES_ALL);
36 bool sandbox_can(sandbox_action_t action, sandbox_time_t when) {