summary refs log tree commit diff stats
path: root/cmd
diff options
context:
space:
mode:
authorAndinus <andinus@nand.sh>2020-04-04 21:59:01 +0530
committerAndinus <andinus@nand.sh>2020-04-04 21:59:01 +0530
commit206a776f64c9163ab597c25a61040c08c012dfd0 (patch)
tree62c45c0ba66453d1103a566febfbe5df6d893839 /cmd
parentffe417d98b545333f17fc1aec055e6fe44b1dc56 (diff)
downloadcetus-206a776f64c9163ab597c25a61040c08c012dfd0.tar.gz
Fix unveil rules
Diffstat (limited to 'cmd')
-rw-r--r--cmd/cetus/main_openbsd.go21
1 files changed, 8 insertions, 13 deletions
diff --git a/cmd/cetus/main_openbsd.go b/cmd/cetus/main_openbsd.go
index 42aecaf..a140071 100644
--- a/cmd/cetus/main_openbsd.go
+++ b/cmd/cetus/main_openbsd.go
@@ -19,27 +19,22 @@ func main() {
 func unveil() {
 	unveilL := make(map[string]string)
 
-	unveilL[cache.GetDir()] = "rwc"
-	unveilL["/dev/null"] = "rw" // required by feh
+	// We unveil the whole cache directory.
+	err = unix.Unveil(cache.Dir(), "rwc")
+	if err != nil {
+		log.Fatal(err)
+	}
 
+	unveilL["/dev/null"] = "rw" // required by feh
 	unveilL["/etc/resolv.conf"] = "r"
 
 	// ktrace output
 	unveilL["/usr/libexec/ld.so"] = "r"
 	unveilL["/var/run/ld.so.hints"] = "r"
-	unveilL["/usr/lib/libpthread.so.26.1"] = "r"
-	unveilL["/usr/lib/libc.so.95.1"] = "r"
+	unveilL["/usr/lib"] = "r"
 	unveilL["/dev/urandom"] = "r"
-	unveilL["/etc/mdns.allow"] = "r"
 	unveilL["/etc/hosts"] = "r"
-	unveilL["/usr/local/etc/ssl/cert.pem"] = "r"
-	unveilL["/etc/ssl/cert.pem"] = "r"
-	unveilL["/etc/ssl/certs"] = "r"
-	unveilL["/system/etc/security/cacerts"] = "r"
-	unveilL["/usr/local/share/certs"] = "r"
-	unveilL["/etc/pki/tls/certs"] = "r"
-	unveilL["/etc/openssl/certs"] = "r"
-	unveilL["/var/ssl/certs"] = "r"
+	unveilL["/etc/ssl"] = "r"
 
 	for k, v := range unveilL {
 		err = unix.Unveil(k, v)