Diffstat (limited to 'src/bin/tpd.rs')
| -rw-r--r-- | src/bin/tpd.rs | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/bin/tpd.rs b/src/bin/tpd.rs
index 2b7fdb2..2d8c01d 100644
--- a/src/bin/tpd.rs
+++ b/src/bin/tpd.rs
@@ -18,6 +18,8 @@ mod ops;
 mod paste;
 #[path = "../protocol.rs"]
 mod protocol;
+#[path = "../sandbox.rs"]
+mod sandbox;
 #[path = "../store.rs"]
 mod store;
 
@@ -186,6 +188,22 @@ fn main() {
     let id = node.id_hex();
     eprintln!("tpd {addr} id={:.8}", id);
 
+    // ── Sandbox ─────────────────────────────────────
+    // Apply unveil(2) to restrict filesystem visibility,
+    // then pledge(2) to restrict syscalls.
+    sandbox::do_unveil(&dir, "rwc");
+    if sock_path.parent() != Some(dir.as_ref()) {
+        if let Some(parent) = sock_path.parent() {
+            sandbox::do_unveil(parent, "rwc");
+        }
+    }
+    if !no_auto_bootstrap || !bootstrap.is_empty() {
+        sandbox::do_unveil(std::path::Path::new("/etc/resolv.conf"), "r");
+    }
+    sandbox::unveil_lock();
+
+    sandbox::do_pledge("stdio rpath wpath cpath fattr inet unix dns");
+
     // If no explicit peers given and auto-bootstrap is enabled,
     // discover peers via DNS SRV (_tesseras._udp.tesseras.net).
     if bootstrap.is_empty() && !no_auto_bootstrap {
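Review bot: The results of `sandbox::do_unveil`, `sandbox::unveil_lock` and `sandbox::do_pledge` are discarded at every call site in the second hunk, so if those helpers report failure rather than aborting, a failed unveil or pledge leaves tpd running with no sandbox at all and nothing in main() notices; the fail-closed contract should be stated on the helpers or enforced here, e.g. have them return `Result` and write `sandbox::do_pledge("stdio rpath wpath cpath fattr inet unix dns").expect("sandbox: pledge failed");` (sandbox.rs is not in this diff, so whether they already abort is inferred from the call sites only). The nested parent check can be collapsed to `if let Some(parent) = sock_path.parent().filter(|p| *p != dir.as_ref()) { sandbox::do_unveil(parent, "rwc"); }`. A one-line comment on the `/etc/resolv.conf` unveil would also help, e.g. `// resolv.conf is only needed when hostnames may be resolved (auto-bootstrap or explicit peers)`. main() starts and ends outside the hunk.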