From 5fb5e4f21f6408d7ff13e4ccb9ca5c636ef615a8 Mon Sep 17 00:00:00 2001 From: Andinus Date: Sat, 25 Apr 2020 17:26:10 +0530 Subject: Add unveil functions --- go.mod | 2 ++ go.sum | 4 ++++ unveil.go | 40 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 go.sum create mode 100644 unveil.go diff --git a/go.mod b/go.mod index b90cbcc..1c77105 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,5 @@ module tildegit.org/andinus/pavo go 1.13 + +require tildegit.org/andinus/lynx v0.4.0 diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..257eabe --- /dev/null +++ b/go.sum @@ -0,0 +1,4 @@ +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +tildegit.org/andinus/lynx v0.4.0 h1:bAxZLOdWy66+qJ3bDWjkbmJfCWTIOZ8hMGzYt7T7Bxk= +tildegit.org/andinus/lynx v0.4.0/go.mod h1:/PCNkKwfJ7pb6ziHa76a4gYp1R9S1Ro4ANjQwzSpBIk= diff --git a/unveil.go b/unveil.go new file mode 100644 index 0000000..99a9a82 --- /dev/null +++ b/unveil.go @@ -0,0 +1,40 @@ +package main + +import ( + "fmt" + "os" + + "tildegit.org/andinus/lynx" +) + +// blockUnveil func blocks further unveil calls. +func blockUnveil() { + err := lynx.UnveilBlock() + if err != nil { + fmt.Printf("%s :: %s", + "UnveilBlock() failed", + err.Error()) + os.Exit(1) + } + + // We drop unveil from promises after blocking it. We drop + // rpath too because the config file has been read. + err = lynx.PledgePromises("stdio exec") + if err != nil { + fmt.Printf("%s :: %s", + "blockUnveil failed", + err.Error()) + os.Exit(1) + } +} + +// initUnveil initializes unveil for inital use. +func initUnveil() { + err := lynx.Unveil(configFile, "rc") + if err != nil { + fmt.Printf("%s :: %s", + "Unveil configFile failed", + err.Error()) + os.Exit(1) + } +} -- cgit 1.4.1-2-gfad0