1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
#+HTML_HEAD: <link rel="stylesheet" href="../static/style.css">
#+HTML_HEAD: <link rel="icon" href="../static/lynx.png" type="image/png">
#+EXPORT_FILE_NAME: index
#+OPTIONS: toc:nil
#+TOC: headlines 2
#+TITLE: Lynx
Lynx is a simple /unveil/ wrapper. It returns /nil/ on unsupported systems,
currently only /OpenBSD/ supports /unveil/.
| Project Home | [[https://andinus.nand.sh/lynx][Lynx]] |
| Source Code | [[https://tildegit.org/andinus/lynx][Andinus / Lynx]] |
| GitHub (Mirror) | [[https://github.com/andinus/lynx][Lynx - GitHub]] |
* Examples
** UnveilCommands
UnveilCommands takes a slice of commands & unveils them one by one, it will
return an error if unveil fails at any step. "no such file or directory" error
is ignored because binaries are not placed in every PATH.
Default permission is "rx".
#+BEGIN_SRC go
package main
import "tildegit.org/andinus/lynx"
func main() {
commands := []string{"cd", "ls", "rm"}
err = lynx.UnveilCommands(commands)
if err != nil {
log.Fatal(err)
}
}
#+END_SRC
** UnveilPaths / UnveilPathsStrict
UnveilPaths takes a map of path, permission & unveils them one by one, it will
return an error if unveil fails at any step. "no such file or directory" error
is ignored, if you want to get that error too then use UnveilPathsStrict.
#+BEGIN_SRC go
package main
import "tildegit.org/andinus/lynx"
func main() {
paths := make(map[string]string)
paths["/home"] = "r"
paths["/dev/null"] = "rw"
paths["/etc/examples"] = "rwc"
paths["/root"] = "rwcx"
err = lynx.UnveilPaths(paths)
if err != nil {
log.Fatal(err)
}
// This will return an error if the path doesn't exist.
err = lynx.UnveilPathsStrict(paths)
if err != nil {
log.Fatal(err)
}
}
#+END_SRC
** UnveilPath / UnveilPathStrict
UnveilPath takes a path, permission & unveils it, it will return an error if
unveil fails at any step. "no such file or directory" error is ignored, if you
want to get that error too then use UnveilPathStrict.
#+BEGIN_SRC go
package main
import "tildegit.org/andinus/lynx"
func main() {
path := "/dev/null"
flags := "rw"
err = lynx.UnveilPath(path, flags)
if err != nil {
log.Fatal(err)
}
// This will return an error if the path doesn't exist.
err = lynx.UnveilPathStrict(path, flags)
if err != nil {
log.Fatal(err)
}
}
#+END_SRC
** UnveilBlock
UnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra.
You should use unix.UnveilBlock.
#+BEGIN_SRC go
package main
import "tildegit.org/andinus/lynx"
func main() {
// Block further unveil calls.
err = lynx.UnveilBlock()
if err != nil {
log.Fatal(err)
}
}
#+END_SRC
|