[sandbox] Landlock support

* Support disabling Landlock at compile time or runtime if unsupported, without disabling seccomp * Support older Landlock ABI versions * Support an extra arbitrary RW path, inteded for the coredump dir * Support database locations other than the working directory
2026-02-17 00:50:03 +00:00 · 2024-09-28 14:14:49 +02:00
parent 68b56e7c25
commit 197ccad0eb
6 changed files with 180 additions and 3 deletions
--- a/src/settings.hpp
+++ b/src/settings.hpp
@@ -5,6 +5,7 @@
 namespace settings {
    extern int VERBOSITY;
    extern bool SANDBOX;
+    extern std::string SANDBOXEXTRAPATH;
    extern int LOGINPORT;
    extern bool APPROVEALLNAMES;
    extern bool AUTOCREATEACCOUNTS;