commit - 67356dacdf3d2007b348e723f20bbc3af06090f5
commit + 34a6d6398b194b4b79f6e76dba083a12b8097f21
blob - 57a7b1c2380a5ce645a15be3ed4ab9fa4f2a60f7
blob + 5ddab275c66e03bc5ba192903150a4c188f511ba
--- gotd/libexec/got-notify-email/got-notify-email.c
+++ gotd/libexec/got-notify-email/got-notify-email.c
#ifndef PROFILE
if (pledge("stdio", NULL) == -1)
err(1, "pledge");
+
+ /* revoke fs access */
+ if (landlock_no_fs() == -1)
+ err(1, "landlock_no_fs");
+ if (cap_enter() == -1)
+ err(1, "cap_enter");
#endif
send_email(s, default_fromaddr, fromaddr, recipient, replytoaddr,
blob - 1bcbb0ab4d4aa90e596c6d75bbb028c024a9d88b
blob + 53deae6d51c200a7063d322e1b13f0166e65a244
--- gotd/libexec/got-notify-http/got-notify-http.c
+++ gotd/libexec/got-notify-http/got-notify-http.c
/* drop rpath dns inet */
if (pledge("stdio", NULL) == -1)
err(1, "pledge");
+
+ /* revoke fs access */
+ if (landlock_no_fs() == -1)
+ err(1, "landlock_no_fs");
+ if (cap_enter() == -1)
+ err(1, "cap_enter");
#endif
if ((!tls && strcmp(port, "80") != 0) ||