diff options
author | Andinus <andinus@nand.sh> | 2020-04-04 21:59:01 +0530 |
---|---|---|
committer | Andinus <andinus@nand.sh> | 2020-04-04 21:59:01 +0530 |
commit | 206a776f64c9163ab597c25a61040c08c012dfd0 (patch) | |
tree | 62c45c0ba66453d1103a566febfbe5df6d893839 /cmd | |
parent | ffe417d98b545333f17fc1aec055e6fe44b1dc56 (diff) | |
download | cetus-206a776f64c9163ab597c25a61040c08c012dfd0.tar.gz |
Fix unveil rules
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/cetus/main_openbsd.go | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/cmd/cetus/main_openbsd.go b/cmd/cetus/main_openbsd.go index 42aecaf..a140071 100644 --- a/cmd/cetus/main_openbsd.go +++ b/cmd/cetus/main_openbsd.go @@ -19,27 +19,22 @@ func main() { func unveil() { unveilL := make(map[string]string) - unveilL[cache.GetDir()] = "rwc" - unveilL["/dev/null"] = "rw" // required by feh + // We unveil the whole cache directory. + err = unix.Unveil(cache.Dir(), "rwc") + if err != nil { + log.Fatal(err) + } + unveilL["/dev/null"] = "rw" // required by feh unveilL["/etc/resolv.conf"] = "r" // ktrace output unveilL["/usr/libexec/ld.so"] = "r" unveilL["/var/run/ld.so.hints"] = "r" - unveilL["/usr/lib/libpthread.so.26.1"] = "r" - unveilL["/usr/lib/libc.so.95.1"] = "r" + unveilL["/usr/lib"] = "r" unveilL["/dev/urandom"] = "r" - unveilL["/etc/mdns.allow"] = "r" unveilL["/etc/hosts"] = "r" - unveilL["/usr/local/etc/ssl/cert.pem"] = "r" - unveilL["/etc/ssl/cert.pem"] = "r" - unveilL["/etc/ssl/certs"] = "r" - unveilL["/system/etc/security/cacerts"] = "r" - unveilL["/usr/local/share/certs"] = "r" - unveilL["/etc/pki/tls/certs"] = "r" - unveilL["/etc/openssl/certs"] = "r" - unveilL["/var/ssl/certs"] = "r" + unveilL["/etc/ssl"] = "r" for k, v := range unveilL { err = unix.Unveil(k, v) |