Diffstat (limited to 'src/bin')
| -rw-r--r-- | src/bin/tp.rs | 7 | ||||
| -rw-r--r-- | src/bin/tpd.rs | 18 |
2 files changed, 25 insertions, 0 deletions
diff --git a/src/bin/tp.rs b/src/bin/tp.rs
index e33c357..860d1c9 100644
--- a/src/bin/tp.rs
+++ b/src/bin/tp.rs
@@ -10,6 +10,8 @@ use std::path::PathBuf;
 #[path = "../base58.rs"]
 mod base58;
+#[path = "../sandbox.rs"]
+mod sandbox;
 fn default_socket() -> PathBuf {
 PathBuf::from("/var/tesseras-paste/daemon.sock")
@@ -157,6 +159,8 @@ fn main() {
 }
 };
+ // ── Sandbox ─────────────────────────────────────
+ sandbox::do_unveil(&sock_path, "rw");
+ sandbox::unveil_lock();
+ sandbox::do_pledge("stdio unix rpath");
+
 let stream = match UnixStream::connect(&sock_path) {
 Ok(s) => s,
 Err(e) => {
diff --git a/src/bin/tpd.rs b/src/bin/tpd.rs
index 2b7fdb2..2d8c01d 100644
--- a/src/bin/tpd.rs
+++ b/src/bin/tpd.rs
@@ -18,6 +18,8 @@ mod ops;
 mod paste;
 #[path = "../protocol.rs"]
 mod protocol;
+#[path = "../sandbox.rs"]
+mod sandbox;
 #[path = "../store.rs"]
 mod store;
@@ -186,6 +188,22 @@ fn main() {
 let id = node.id_hex();
 eprintln!("tpd {addr} id={:.8}", id);
+ // ── Sandbox ─────────────────────────────────────
+ // Apply unveil(2) to restrict filesystem visibility,
+ // then pledge(2) to restrict syscalls.
+ sandbox::do_unveil(&dir, "rwc");
+ if sock_path.parent() != Some(dir.as_ref()) {
+ if let Some(parent) = sock_path.parent() {
+ sandbox::do_unveil(parent, "rwc");
+ }
+ }
+ if !no_auto_bootstrap || !bootstrap.is_empty() {
+ sandbox::do_unveil(std::path::Path::new("/etc/resolv.conf"), "r");
+ }
+ sandbox::unveil_lock();
+
+ sandbox::do_pledge("stdio rpath wpath cpath fattr inet unix dns");
+
 // If no explicit peers given and auto-bootstrap is enabled,
 // discover peers via DNS SRV (_tesseras._udp.tesseras.net).
 if bootstrap.is_empty() && !no_auto_bootstrap { |
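Review bot: The sandbox block added to tp's main carries only a decorative `// ── Sandbox` banner and no explanation of why the socket path is unveiled `"rw"` or what each of `stdio unix rpath` is needed for, while the tpd.rs hunk in this same commit does explain its unveil-then-pledge order; suggest replacing the banner with a comment such as `// unveil(2) only the daemon socket, lock the view, then pledge(2) the syscalls the rest of main needs (stdio for paste I/O, unix for the socket connect).`, adding the reason for rpath if there is one. Anything the client opens after this point, for instance a file named on the command line if tp supports that, would have to be unveiled before `sandbox::unveil_lock()`; the remainder of main is outside the hunk, so I cannot confirm nothing does. Whether `do_unveil`/`do_pledge` exit on failure is decided in sandbox.rs, which is not in this commit; a one-line comment at the call site stating that they abort (or do not) would make it visible that a failed sandbox cannot silently leave the client unconfined.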
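Review bot: The daemon pledges `stdio rpath wpath cpath fattr inet unix dns` once and keeps the whole set for its lifetime, although `cpath`/`fattr` look needed only while the socket and store files are created and `dns` only for the SRV bootstrap that follows; if that setup has a clear end point, a second, narrower `sandbox::do_pledge(...)` after it would cut the post-compromise surface, but the rest of main is outside the hunk so I cannot point at the line. The nested `if` around `sock_path.parent()` reads as one guard: `if let Some(parent) = sock_path.parent().filter(|p| *p != dir.as_ref()) { sandbox::do_unveil(parent, "rwc"); }`; note the comparison is lexical, so a parent spelled differently from `dir` (trailing slash, relative vs absolute) is unveiled twice, which is harmless. As in tp.rs, the call site does not say whether `do_unveil`/`do_pledge` terminate the process on failure; a comment stating that here (or explicit handling if they return a result) keeps a failed sandbox from being silent.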