diff options
| author | Andinus <andinus@nand.sh> | 2020-04-08 18:00:26 +0530 |
|---|---|---|
| committer | Andinus <andinus@nand.sh> | 2020-04-08 18:00:26 +0530 |
| commit | 5243a7c95529e712a028b8a7ec2a5d1a83b66cdc (patch) | |
| tree | f59704dfc856f88426f71d9f6c5288195b02febb | |
| parent | e80b9a2c4adc076f66e8239041512942c14c8e16 (diff) | |
| download | grus-5243a7c95529e712a028b8a7ec2a5d1a83b66cdc.tar.gz | |
Use stricter pledge promises if possible
| -rw-r--r-- | main_openbsd.go | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/main_openbsd.go b/main_openbsd.go index 7d466ee..7bbe995 100644 --- a/main_openbsd.go +++ b/main_openbsd.go @@ -10,15 +10,22 @@ import ( ) func main() { - err := unix.PledgePromises("unveil stdio rpath") - panicOnErr(err) - - unveil() - - // Drop unveil from promises. - err = unix.PledgePromises("stdio rpath") - panicOnErr(err) - + // We need less permissions on these conditions. + if len(os.Args) == 1 || + os.Args[1] == "version" || + os.Args[1] == "env" { + err := unix.PledgePromises("stdio") + panicOnErr(err) + } else { + err := unix.PledgePromises("unveil stdio rpath") + panicOnErr(err) + + unveil() + + // Drop unveil from promises. + err = unix.PledgePromises("stdio rpath") + panicOnErr(err) + } grus() } |