From ca5780773c7a673e3457c5bb6fec38c54eab1fd2 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 9 Apr 2020 08:59:40 -0400
Subject: In the cli, init the mlock allocator before entering sandbox Currently OpenBSD port disables pledge because pledge doesn't have a flag for mlock. By initializing first, we can still use the allocator. Later (during shutdown) the munlock call will fail but will just fail with ENOSYS which is ignored, then we munmap the memory to free it which will unlock as a side-effect.
---
 src/cli/sandbox.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/cli')
diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp
index 901ca1d78..5bfa3d390 100644
--- a/src/cli/sandbox.cpp
+++ b/src/cli/sandbox.cpp
@@ -5,7 +5,7 @@
 */
 #include "sandbox.h"
-#include
+#include
 #if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
 #include
@@ -29,6 +29,8 @@ Sandbox::Sandbox()
 bool Sandbox::init()
 {
+ Botan::initialize_allocator();
+
 #if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
 const static char *opts = "stdio rpath inet error";
 return (::pledge(opts, nullptr) == 0);
-- cgit v1.2.3
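Review bot: The `Botan::initialize_allocator();` call at the top of `Sandbox::init()` carries an ordering requirement that only the commit message explains, so it should have a comment at the call site, for example `// Must run before pledge(): there is no promise covering mlock, so the locked pool has to exist before the sandbox is entered.` The shutdown behaviour the description relies on (munlock failing with ENOSYS instead of the process being killed) appears to depend on the `error` promise in `opts`, and that coupling is worth stating next to the string so it is not trimmed later. Nothing visible here checks whether the locked pool was actually obtained, so if the call can fall back to unlocked memory the CLI would run that way silently; that may be intended but is worth confirming. The body of `Sandbox::init()` continues past the end of the hunk.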