summary refs log tree commit diff stats
path: root/unveil.go
diff options
context:
space:
mode:
Diffstat (limited to 'unveil.go')
-rw-r--r--unveil.go40
1 files changed, 40 insertions, 0 deletions
diff --git a/unveil.go b/unveil.go
new file mode 100644
index 0000000..99a9a82
--- /dev/null
+++ b/unveil.go
@@ -0,0 +1,40 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"tildegit.org/andinus/lynx"
+)
+
+// blockUnveil func blocks further unveil calls.
+func blockUnveil() {
+	err := lynx.UnveilBlock()
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"UnveilBlock() failed",
+			err.Error())
+		os.Exit(1)
+	}
+
+	// We drop unveil from promises after blocking it. We drop
+	// rpath too because the config file has been read.
+	err = lynx.PledgePromises("stdio exec")
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"blockUnveil failed",
+			err.Error())
+		os.Exit(1)
+	}
+}
+
+// initUnveil initializes unveil for inital use.
+func initUnveil() {
+	err := lynx.Unveil(configFile, "rc")
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"Unveil configFile failed",
+			err.Error())
+		os.Exit(1)
+	}
+}
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-05-17 08:52:38 +0000