

try using a multiplatform pledge module
Ted Unangst tedu@tedunangst.com
Wed, 25 Oct 2023 13:09:56 -0400
commit

a035150eb48c422a2d63d24fedc3e150a8702f8b

parent

766af71e5ae27a1b84579fa15edbdab96390bcbd

3 files changed, 28 insertions(+), 38 deletions(-)

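--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ github.com/mattn/go-runewidth v0.0.13
 	golang.org/x/crypto v0.12.0
 	golang.org/x/net v0.14.0
 	humungus.tedunangst.com/r/go-sqlite3 v1.1.3
+	humungus.tedunangst.com/r/pledge v0.1.3
 	humungus.tedunangst.com/r/webs v0.7.9
 )
 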
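--- a/go.sum
+++ b/go.sum
@@ -48,5 +48,7 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 humungus.tedunangst.com/r/go-sqlite3 v1.1.3 h1:G2N4wzDS0NbuvrZtQJhh4F+3X+s7BF8b9ga8k38geUI=
 humungus.tedunangst.com/r/go-sqlite3 v1.1.3/go.mod h1:FtEEmQM7U2Ey1TuEEOyY1BmphTZnmiEjPsNLEAkpf/M=
+humungus.tedunangst.com/r/pledge v0.1.3 h1:+kRJI7v4fowj2Ws6rK5s0rNfs4F5U4x4i1AYB6+1Bnk=
+humungus.tedunangst.com/r/pledge v0.1.3/go.mod h1:Bz/UgrjLr/nY5sgI8LIZ8oBg/YqEi/hHi+NPetojXYM=
 humungus.tedunangst.com/r/webs v0.7.9 h1:LC9o2F9joAcf4SxWaRFs5ZqXHSbzdfre9/9BY0gcM0w=
 humungus.tedunangst.com/r/webs v0.7.9/go.mod h1:ylhqHSPI0Oi7b4nsnx5mSO7AjLXN7wFpEHayLfN/ugk=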
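--- a/unveil.go
+++ b/unveil.go
@@ -1,5 +1,3 @@
-//go:build openbsd
-
 //
 // Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
 //
@@ -17,50 +15,39 @@ // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 package main
 
-/*
-#include <stdlib.h>
-#include <unistd.h>
-*/
-import "C"
-
 import (
-	"unsafe"
+	"humungus.tedunangst.com/r/pledge"
 )
-
-func Unveil(path string, perms string) {
-	cpath := C.CString(path)
-	defer C.free(unsafe.Pointer(cpath))
-	cperms := C.CString(perms)
-	defer C.free(unsafe.Pointer(cperms))
-
-	rv, err := C.unveil(cpath, cperms)
-	if rv != 0 {
-		elog.Fatalf("unveil(%s, %s) failure (%d)", path, perms, err)
-	}
-}
-
-func Pledge(promises string) {
-	cpromises := C.CString(promises)
-	defer C.free(unsafe.Pointer(cpromises))
-
-	rv, err := C.pledge(cpromises, nil)
-	if rv != 0 {
-		elog.Fatalf("pledge(%s) failure (%d)", promises, err)
-	}
-}
 
 func init() {
 	preservehooks = append(preservehooks, func() {
-		Unveil("/etc/ssl", "r")
+		err := pledge.Unveil("/etc/ssl", "r")
+		if err != nil {
+			elog.Fatalf("unveil(%s, %s) failure (%d)", "/etc/ssl", "r", err)
+		}
 		if viewDir != dataDir {
-			Unveil(viewDir, "r")
+			err = pledge.Unveil(viewDir, "r")
+			if err != nil {
+				elog.Fatalf("unveil(%s, %s) failure (%d)", viewDir, "r", err)
+			}
+		}
+		err = pledge.Unveil(dataDir, "rwc")
+		if err != nil {
+			elog.Fatalf("unveil(%s, %s) failure (%d)", dataDir, "rwc", err)
+		}
+		pledge.UnveilEnd()
+		promises := "stdio rpath wpath cpath flock dns inet unix"
+		err = pledge.Pledge(promises)
+		if err != nil {
+			elog.Fatalf("pledge(%s) failure (%d)", promises, err)
 		}
-		Unveil(dataDir, "rwc")
-		C.unveil(nil, nil)
-		Pledge("stdio rpath wpath cpath flock dns inet unix")
 	})
 	backendhooks = append(backendhooks, func() {
-		C.unveil(nil, nil)
-		Pledge("stdio unix")
+		pledge.UnveilEnd()
+		promises := "stdio unix"
+		err := pledge.Pledge(promises)
+		if err != nil {
+			elog.Fatalf("pledge(%s) failure (%d)", promises, err)
+		}
 	})
 }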
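Review bot: The five `elog.Fatalf` calls in the new `init` hooks still format `err` with `%d`, which was fine when `err` came from the cgo call as a `syscall.Errno` (an integer kind), but `pledge.Unveil` and `pledge.Pledge` now return an `error` interface; unless the module guarantees an integer-kind dynamic type, `%d` prints a `%!d(...)` placeholder instead of the reason, so `%v` is the robust verb, e.g. `elog.Fatalf("unveil(%s, %s) failure (%v)", "/etc/ssl", "r", err)`. The same check-and-Fatalf pattern is now written out five times across the two hooks; a short `mustUnveil(path, perms string)` helper (and a matching one for `Pledge`) would keep the format strings in one place and the hooks readable. With the `//go:build openbsd` constraint dropped in the first hunk, this file and its hooks now compile and run on every platform, so `init` deserves a comment such as `// Relies on the pledge module being a no-op where the kernel has no pledge/unveil; a failure here is fatal on purpose.` — I cannot confirm the module's non-OpenBSD behaviour from this page. `elog`, `viewDir`, `dataDir`, `preservehooks` and `backendhooks` are defined outside this file.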