commit 34a6d6398b194b4b79f6e76dba083a12b8097f21
from: Omar Polo <op@omarpolo.com>
date: Fri Apr 26 11:39:31 2024 UTC

portable: sandbox got-notify-* helpers

"looks good to me" thomas

commit - 67356dacdf3d2007b348e723f20bbc3af06090f5
commit + 34a6d6398b194b4b79f6e76dba083a12b8097f21
blob - 57a7b1c2380a5ce645a15be3ed4ab9fa4f2a60f7
blob + 5ddab275c66e03bc5ba192903150a4c188f511ba
--- gotd/libexec/got-notify-email/got-notify-email.c
+++ gotd/libexec/got-notify-email/got-notify-email.c
@@ -432,6 +432,12 @@ main(int argc, char *argv[])
 #ifndef PROFILE
 	if (pledge("stdio", NULL) == -1)
 		err(1, "pledge");
+
+	/* revoke fs access */
+	if (landlock_no_fs() == -1)
+		err(1, "landlock_no_fs");
+	if (cap_enter() == -1)
+		err(1, "cap_enter");
 #endif
 
 	send_email(s, default_fromaddr, fromaddr, recipient, replytoaddr,
blob - 1bcbb0ab4d4aa90e596c6d75bbb028c024a9d88b
blob + 53deae6d51c200a7063d322e1b13f0166e65a244
--- gotd/libexec/got-notify-http/got-notify-http.c
+++ gotd/libexec/got-notify-http/got-notify-http.c
@@ -933,6 +933,12 @@ main(int argc, char **argv)
 	/* drop rpath dns inet */
 	if (pledge("stdio", NULL) == -1)
 		err(1, "pledge");
+
+	/* revoke fs access */
+	if (landlock_no_fs() == -1)
+		err(1, "landlock_no_fs");
+	if (cap_enter() == -1)
+		err(1, "cap_enter");
 #endif
 
 	if ((!tls && strcmp(port, "80") != 0) ||