#include "utils.h"
#include "xalloc.h"
#include "keys.h"
+#include "sandbox.h"
#ifdef HAVE_MINIUPNPC
#include "upnp.h"
read_host_config(&config, ent->d_name, true);
if(!n) {
- n = new_node();
- n->name = xstrdup(ent->d_name);
+ n = new_node(ent->d_name);
node_add(n);
}
return returned_name;
}
-bool setup_myself_reloadable(void) {
- free(scriptinterpreter);
- scriptinterpreter = NULL;
+static void read_interpreter(void) {
+ char *interpreter = NULL;
+ get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &interpreter);
+
+ if(!interpreter || (sandbox_can(START_PROCESSES, AFTER_SANDBOX) && sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX))) {
+ free(scriptinterpreter);
+ scriptinterpreter = interpreter;
+ return;
+ }
+
+ if(!string_eq(interpreter, scriptinterpreter)) {
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Not changing ScriptsInterpreter because of sandbox.");
+ }
- get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &scriptinterpreter);
+ free(interpreter);
+}
+
+bool setup_myself_reloadable(void) {
+ read_interpreter();
free(scriptextension);
} else if(!strcasecmp(proxy, "http")) {
proxytype = PROXY_HTTP;
} else if(!strcasecmp(proxy, "exec")) {
- proxytype = PROXY_EXEC;
+ if(sandbox_can(START_PROCESSES, AFTER_SANDBOX)) {
+ proxytype = PROXY_EXEC;
+ } else {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Cannot use exec proxies with current sandbox level.");
+ return false;
+ }
} else {
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
free_string(proxy);
return false;
}
+ if(!sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX)) {
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Changed exec proxy may fail to work because of sandbox.");
+ }
+
proxyhost = xstrdup(space);
break;
}
if(listen_sockets >= MAXSOCKETS) {
+ listen_sockets = MAXSOCKETS;
logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
freeaddrinfo(ai);
return false;
}
myname = xstrdup(name);
- myself = new_node();
+ myself = new_node(name);
myself->connection = new_connection();
- myself->name = name;
- myself->connection->name = xstrdup(name);
+ myself->connection->name = name;
read_host_config(&config_tree, name, true);
if(!get_config_string(lookup_config(&config_tree, "Port"), &myport.tcp)) {
devops = os_devops;
if(get_config_string(lookup_config(&config_tree, "DeviceType"), &type)) {
- if(!strcasecmp(type, "dummy")) {
+ if(!strcasecmp(type, DEVICE_DUMMY)) {
devops = dummy_devops;
} else if(!strcasecmp(type, "raw_socket")) {
devops = raw_socket_devops;
/* Open sockets */
- if(!do_detach && getenv("LISTEN_FDS")) {
+ const char *listen_fds = getenv("LISTEN_FDS");
+
+ if(!do_detach && listen_fds) {
sockaddr_t sa;
socklen_t salen;
- listen_sockets = atoi(getenv("LISTEN_FDS"));
+ listen_sockets = atoi(listen_fds);
#ifdef HAVE_UNSETENV
unsetenv("LISTEN_FDS");
#endif
if(listen_sockets > MAXSOCKETS) {
+ listen_sockets = MAXSOCKETS;
logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
return false;
}