my fork of honk

unveil.go (view raw)

 1//
 2// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
 3//
 4// Permission to use, copy, modify, and distribute this software for any
 5// purpose with or without fee is hereby granted, provided that the above
 6// copyright notice and this permission notice appear in all copies.
 7//
 8// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 9// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
16package main
17
18import (
19	"humungus.tedunangst.com/r/pledge"
20)
21
// init registers the two sandbox hooks for this binary: one appended to
// preservehooks and one appended to backendhooks. Each hook narrows what the
// calling process may touch through the pledge package (unveil for filesystem
// paths, pledge for syscall classes) and aborts through elog.Fatalf if any
// step fails, so a process whose sandbox could not be installed does not keep
// running as if it were confined.
//
// When and in which process each hook list runs is decided elsewhere in the
// program and is not visible here.
func init() {
	// restrict exposes one path with the given unveil permissions and treats
	// any failure as fatal.
	// NOTE(review): the format uses %d on an error value; that prints a number
	// only if the concrete error is integer-kinded (an errno) — confirm
	// against the pledge package, otherwise %v would be the readable verb.
	restrict := func(path, perms string) {
		if err := pledge.Unveil(path, perms); err != nil {
			elog.Fatalf("unveil(%s, %s) failure (%d)", path, perms, err)
		}
	}

	// promise applies a pledge promise string, again failing closed.
	promise := func(promises string) {
		if err := pledge.Pledge(promises); err != nil {
			elog.Fatalf("pledge(%s) failure (%d)", promises, err)
		}
	}

	// Main-process sandbox: three filesystem grants, then lock, then pledge.
	preservehooks = append(preservehooks, func() {
		// Read-only; presumably the system CA bundle needed for outbound
		// TLS — confirm.
		restrict("/etc/ssl", "r")
		// Views get their own read-only grant only when they live outside the
		// data directory. When viewDir == dataDir they are covered by the
		// "rwc" grant below, i.e. the process can also write and create
		// there; keep the two directories separate if views should be
		// immutable at runtime.
		if viewDir != dataDir {
			restrict(viewDir, "r")
		}
		// The data directory is the only path granted write/create access.
		restrict(dataDir, "rwc")
		// Presumably the unveil(NULL, NULL) lock that forbids further unveil
		// calls — verify in the pledge package. Its result is not checked.
		pledge.UnveilEnd()
		// All unveil calls must come before this point: the promise string
		// carries no "unveil" promise, so later unveil calls would be refused.
		promise("stdio rpath wpath cpath flock dns inet unix")
	})

	// Backend sandbox: no paths are unveiled, and the promise set omits
	// rpath/wpath/cpath and inet, leaving stdio plus unix-domain sockets.
	backendhooks = append(backendhooks, func() {
		pledge.UnveilEnd()
		promise("stdio unix")
	})
}