summary refs log tree commit diff stats
diff options
context:
space:
mode:
-rw-r--r--README.org81
1 files changed, 57 insertions, 24 deletions
diff --git a/README.org b/README.org
index b21bc00..766769f 100644
--- a/README.org
+++ b/README.org
@@ -13,10 +13,10 @@ currently only /OpenBSD/ is supported.
 | GitHub (Mirror) | [[https://github.com/andinus/lynx][Lynx - GitHub]]  |
 
 * Examples
-** Unveil / UnveilStrict
-Unveil takes a path, permission & unveils it, it will return an error if unveil
-fails at any step. "no such file or directory" error is ignored, if you want to
-get that error too then use UnveilStrict.
+** UnveilPaths / UnveilPathsStrict
+UnveilPaths takes a map of path, permission & unveils them one by one, it will
+return an error if unveil fails at any step. "no such file or directory" error
+is ignored, if you want to get that error too then use UnveilPathsStrict.
 
 #+BEGIN_SRC go
 package main
@@ -24,16 +24,20 @@ package main
 import "tildegit.org/andinus/lynx"
 
 func main() {
-	path := "/dev/null"
-	flags := "rw"
+	paths := make(map[string]string)
 
-	err = lynx.Unveil(path, flags)
+	paths["/home"] = "r"
+	paths["/dev/null"] = "rw"
+	paths["/etc/examples"] = "rwc"
+	paths["/root"] = "rwcx"
+
+	err = lynx.UnveilPaths(paths)
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	// This will return an error if the path doesn't exist.
-	err = lynx.UnveilStrict(path, flags)
+	err = lynx.UnveilPathsStrict(paths)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -60,10 +64,9 @@ func main() {
 	}
 }
 #+END_SRC
-** UnveilPaths / UnveilPathsStrict
-UnveilPaths takes a map of path, permission & unveils them one by one, it will
-return an error if unveil fails at any step. "no such file or directory" error
-is ignored, if you want to get that error too then use UnveilPathsStrict.
+** UnveilBlock
+UnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra.
+You should use unix.UnveilBlock.
 
 #+BEGIN_SRC go
 package main
@@ -71,28 +74,42 @@ package main
 import "tildegit.org/andinus/lynx"
 
 func main() {
-	paths := make(map[string]string)
+	// Block further unveil calls.
+	err = lynx.UnveilBlock()
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+#+END_SRC
+** Unveil / UnveilStrict
+Unveil takes a path, permission & unveils it, it will return an error if unveil
+fails at any step. "no such file or directory" error is ignored, if you want to
+get that error too then use UnveilStrict.
 
-	paths["/home"] = "r"
-	paths["/dev/null"] = "rw"
-	paths["/etc/examples"] = "rwc"
-	paths["/root"] = "rwcx"
+#+BEGIN_SRC go
+package main
 
-	err = lynx.UnveilPaths(paths)
+import "tildegit.org/andinus/lynx"
+
+func main() {
+	path := "/dev/null"
+	flags := "rw"
+
+	err = lynx.Unveil(path, flags)
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	// This will return an error if the path doesn't exist.
-	err = lynx.UnveilPathsStrict(paths)
+	err = lynx.UnveilStrict(path, flags)
 	if err != nil {
 		log.Fatal(err)
 	}
 }
 #+END_SRC
-** UnveilBlock
-UnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra.
-You should use unix.UnveilBlock.
+** Pledge / PledgePromises / PledgeExecpromises
+These are simple wrappers to unix package functions. They add nothing extra, you
+could simply change lynx.Pledge to unix.Pledge & it would just work.
 
 #+BEGIN_SRC go
 package main
@@ -100,8 +117,24 @@ package main
 import "tildegit.org/andinus/lynx"
 
 func main() {
-	// Block further unveil calls.
-	err = lynx.UnveilBlock()
+	promises := "stdio unveil"
+	execpromises := "stdio"
+
+	err = lynx.Pledge(promises, execpromises)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Drop promises.
+	promises = "stdio"
+	err = lynx.PledgePromises(promises)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Drop execpromises.
+	execpromises = ""
+	err = lynx.PledgeExecpromises(execpromises)
 	if err != nil {
 		log.Fatal(err)
 	}