From f542fd5ca7a16165d80c5f968777e7a4bf71e6f1 Mon Sep 17 00:00:00 2001
From: Kristaps Dzonsons <kristaps@bsd.lv>
Date: Tue, 12 Jul 2016 05:18:38 +0000
Subject: Add support for Mac OS X's sandbox_init(3) sandbox functionality,
 which is marked as DEPRECATED in OS X after 2011 or so, but has not been
 removed and has no replacement.

ok schwarze@
---
 main.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'main.c')

diff --git a/main.c b/main.c
index a03ab0fe..527db244 100644
--- a/main.c
+++ b/main.c
@@ -1,4 +1,4 @@
-/*	$Id: main.c,v 1.268 2016/07/10 14:05:13 schwarze Exp $ */
+/*	$Id: main.c,v 1.269 2016/07/12 05:18:38 kristaps Exp $ */
 /*
  * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2012, 2014-2016 Ingo Schwarze <schwarze@openbsd.org>
@@ -30,6 +30,9 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <glob.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
 #include <signal.h>
 #include <stdio.h>
 #include <stdint.h>
@@ -159,6 +162,11 @@ main(int argc, char *argv[])
 		err((int)MANDOCLEVEL_SYSERR, "pledge");
 #endif
 
+#if HAVE_SANDBOX_INIT
+	if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1)
+		errx((int)MANDOCLEVEL_SYSERR, "sandbox_init");
+#endif
+
 	/* Search options. */
 
 	memset(&conf, 0, sizeof(conf));
-- 
cgit v1.2.3