diff options
| -rw-r--r-- | unveil.go | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/unveil.go b/unveil.go index 99a9a82..b50c438 100644 --- a/unveil.go +++ b/unveil.go @@ -30,11 +30,26 @@ func blockUnveil() { // initUnveil initializes unveil for inital use. func initUnveil() { - err := lynx.Unveil(configFile, "rc") + err := lynx.Unveil(configFile(), "rc") if err != nil { fmt.Printf("%s :: %s", "Unveil configFile failed", err.Error()) os.Exit(1) } + + // os.Exec fails if "/dev/null" is not unveiled & for some + // reason it calls "/dev/urandom" inititally so we unveil it + // too because there should be no harm in doing so. + paths := make(map[string]string) + paths["/dev/null"] = "r" + paths["/dev/urandom"] = "r" + + err = lynx.UnveilPaths(paths) + if err != nil { + fmt.Printf("%s :: %s", + "Unveil failed", + err.Error()) + os.Exit(1) + } } |