In the cli, init the mlock allocator before entering sandbox

Currently OpenBSD port disables pledge because pledge doesn't have a flag for mlock. By initializing first, we can still use the allocator. Later (during shutdown) the munlock call will fail but will just fail with ENOSYS which is ignored, then we munmap the memory to free it which will unlock as a side-effect.
author: Jack Lloyd <[email protected]> 2020-04-09 08:59:40 -0400
committer: Jack Lloyd <[email protected]> 2020-04-09 08:59:40 -0400
commit: ca5780773c7a673e3457c5bb6fec38c54eab1fd2 (patch)
tree: f49b044c46cc070b8050a7d2ab56f10aae9dab4b /src/cli
parent: 8cf475990d8e81cfa70b7ae3bcf941ccd8a7baa5 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp
index 901ca1d78..5bfa3d390 100644
--- a/src/cli/sandbox.cpp
+++ b/src/cli/sandbox.cpp
@@ -5,7 +5,7 @@
 */
 
 #include "sandbox.h"
-#include <botan/build.h>
+#include <botan/mem_ops.h>
 
 #if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
   #include <unistd.h>
@@ -29,6 +29,8 @@ Sandbox::Sandbox()
 
 bool Sandbox::init()
    {
+   Botan::initialize_allocator();
+
 #if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
    const static char *opts = "stdio rpath inet error";
    return (::pledge(opts, nullptr) == 0);
author	Jack Lloyd <[email protected]>	2020-04-09 08:59:40 -0400
committer	Jack Lloyd <[email protected]>	2020-04-09 08:59:40 -0400
commit	ca5780773c7a673e3457c5bb6fec38c54eab1fd2 (patch)
tree	f49b044c46cc070b8050a7d2ab56f10aae9dab4b /src/cli
parent	8cf475990d8e81cfa70b7ae3bcf941ccd8a7baa5 (diff)