Enforce sandboxing

7 years ago · 4a440def98
parent 2bf9415683
commit 4a440def98
2 changed files with 3 additions and 2 deletions
--- a/3
+++ b/3
@ -4,6 +4,7 @@ UNAME_SYS := $(shell uname -s)
 ifeq ($(UNAME_SYS), Linux)
 	LDFLAGS += -luuid -lresolv -Wl,-Bsymbolic-functions -Wl,-z,relro
 	CFLAGS ?= -D_FORTIFY_SOURCE=2 -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fno-strict-aliasing
+	XMPPIPE_SANDBOX ?= XMPPIPE_SANDBOX_SECCOMP
 	XMPPIPE_SANDBOX_RLIMIT_NOFILE ?= 0
 else ifeq ($(UNAME_SYS), FreeBSD)
 	XMPPIPE_SANDBOX ?= XMPPIPE_SANDBOX_CAPSICUM
@ -15,7 +16,7 @@ else ifeq ($(UNAME_SYS), Darwin)
 	LDFLAGS += -lresolv
 endif

-XMPPIPE_SANDBOX ?= XMPPIPE_SANDBOX_NULL
+XMPPIPE_SANDBOX ?= XMPPIPE_SANDBOX_RLIMIT
 XMPPIPE_SANDBOX_RLIMIT_NOFILE ?= -1
 CFLAGS += -DXMPPIPE_SANDBOX=\"$(XMPPIPE_SANDBOX)\" -D$(XMPPIPE_SANDBOX) \
 		  -DXMPPIPE_SANDBOX_RLIMIT_NOFILE=$(XMPPIPE_SANDBOX_RLIMIT_NOFILE)
--- a/src/xmppipe.h
+++ b/src/xmppipe.h
@ -21,7 +21,7 @@

 #include <strophe.h>

-#define XMPPIPE_VERSION "0.7.1"
+#define XMPPIPE_VERSION "0.8.0"

 #define XMPPIPE_STREQ(a,b)      (strcmp((a),(b)) == 0)
 #define XMPPIPE_STRNEQ(a,b)     (strcmp((a),(b)) != 0)