summaryrefslogtreecommitdiff
path: root/src/common/sandbox.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/common/sandbox.h')
-rw-r--r--src/common/sandbox.h53
1 files changed, 18 insertions, 35 deletions
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index b15f31cc41..8fcd221ef5 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -171,12 +171,10 @@ sandbox_cfg_t * sandbox_cfg_new(void);
/**
* Function used to add a open allowed filename to a supplied configuration.
- * The (char*) specifies the path to the allowed file, fr = 1 tells the
- * function that the char* needs to be free-ed, 0 means the pointer does not
- * need to be free-ed.
+ * The (char*) specifies the path to the allowed file; we take ownership
+ * of the pointer.
*/
-int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
- int fr);
+int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
/**DOCDOC*/
int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
@@ -184,66 +182,51 @@ int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
/** Function used to add a series of open allowed filenames to a supplied
* configuration.
* @param cfg sandbox configuration.
- * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
- * the char* specifies the path to the allowed file, 1 tells the function
- * that the char* needs to be free-ed, 0 means the pointer does not need to
- * be free-ed; the final parameter needs to be <NULL, 0>.
- */
+ * @param ... a list of stealable pointers to permitted files. The last
+ * one must be NULL.
+*/
int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...);
/**
* Function used to add a openat allowed filename to a supplied configuration.
- * The (char*) specifies the path to the allowed file, fr = 1 tells the
- * function that the char* needs to be free-ed, 0 means the pointer does not
- * need to be free-ed.
+ * The (char*) specifies the path to the allowed file; we steal the pointer to
+ * that file.
*/
-int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file,
- int fr);
+int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);
/** Function used to add a series of openat allowed filenames to a supplied
* configuration.
* @param cfg sandbox configuration.
- * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
- * the char* specifies the path to the allowed file, 1 tells the function
- * that the char* needs to be free-ed, 0 means the pointer does not need to
- * be free-ed; the final parameter needs to be <NULL, 0>.
+ * @param ... a list of stealable pointers to permitted files. The last
+ * one must be NULL.
*/
int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...);
/**
* Function used to add a execve allowed filename to a supplied configuration.
- * The (char*) specifies the path to the allowed file, fr = 1 tells the
- * function that the char* needs to be free-ed, 0 means the pointer does not
- * need to be free-ed.
+ * The (char*) specifies the path to the allowed file; that pointer is stolen.
*/
int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com);
/** Function used to add a series of execve allowed filenames to a supplied
* configuration.
* @param cfg sandbox configuration.
- * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
- * the char* specifies the path to the allowed file, 1 tells the function
- * that the char* needs to be free-ed, 0 means the pointer does not need to
- * be free-ed; the final parameter needs to be <NULL, 0>.
+ * @param ... an array of stealable pointers to permitted files. The last
+ * one must be NULL.
*/
int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...);
/**
* Function used to add a stat/stat64 allowed filename to a configuration.
- * The (char*) specifies the path to the allowed file, fr = 1 tells the
- * function that the char* needs to be free-ed, 0 means the pointer does not
- * need to be free-ed.
+ * The (char*) specifies the path to the allowed file; that pointer is stolen.
*/
-int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file,
- int fr);
+int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file);
/** Function used to add a series of stat64 allowed filenames to a supplied
* configuration.
* @param cfg sandbox configuration.
- * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
- * the char* specifies the path to the allowed file, 1 tells the function
- * that the char* needs to be free-ed, 0 means the pointer does not need to
- * be free-ed; the final parameter needs to be <NULL, 0>.
+ * @param ... an array of stealable pointers to permitted files. The last
+ * one must be NULL.
*/
int sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...);
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion