Add pledge(2) and unveil(2) sandboxing for tp and tpd

tpd: unveil data dir (rwc), resolv.conf (r) when DNS needed, then pledge stdio rpath wpath cpath fattr inet unix dns. tp: unveil socket path (rw), then pledge stdio unix rpath.
author: murilo ijanc 2026-03-25 13:58:11 -0300
committer: murilo ijanc 2026-03-25 14:06:13 -0300
commit: 57176d45cacb98f1968daa8f8b2efd2735da2731 (patch)
tree: 59010449a6f06b4b905a52ebbc155ae8af84dfdc /src/bin/tp.rs
parent: ee25588324ca61275782a3628dd1838dae58e69e (diff)
download: tesseras-paste-57176d45cacb98f1968daa8f8b2efd2735da2731.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/bin/tp.rs b/src/bin/tp.rs
index e33c357..860d1c9 100644
--- a/src/bin/tp.rs
+++ b/src/bin/tp.rs
@@ -10,6 +10,8 @@ use std::path::PathBuf;
 
 #[path = "../base58.rs"]
 mod base58;
+#[path = "../sandbox.rs"]
+mod sandbox;
 
 fn default_socket() -> PathBuf {
     PathBuf::from("/var/tesseras-paste/daemon.sock")
@@ -157,6 +159,11 @@ fn main() {
         }
     };
 
+    // ── Sandbox ─────────────────────────────────────
+    sandbox::do_unveil(&sock_path, "rw");
+    sandbox::unveil_lock();
+    sandbox::do_pledge("stdio unix rpath");
+
     let stream = match UnixStream::connect(&sock_path) {
         Ok(s) => s,
         Err(e) => {
author	murilo ijanc	2026-03-25 13:58:11 -0300
committer	murilo ijanc	2026-03-25 14:06:13 -0300
commit	57176d45cacb98f1968daa8f8b2efd2735da2731 (patch)
tree	59010449a6f06b4b905a52ebbc155ae8af84dfdc /src/bin/tp.rs
parent	ee25588324ca61275782a3628dd1838dae58e69e (diff)
download	tesseras-paste-57176d45cacb98f1968daa8f8b2efd2735da2731.tar.gz