From 5fb5e4f21f6408d7ff13e4ccb9ca5c636ef615a8 Mon Sep 17 00:00:00 2001
From: Andinus <andinus@nand.sh>
Date: Sat, 25 Apr 2020 17:26:10 +0530
Subject: Add unveil functions

---
 go.mod    |  2 ++
 go.sum    |  4 ++++
 unveil.go | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 go.sum
 create mode 100644 unveil.go

diff --git a/go.mod b/go.mod
index b90cbcc..1c77105 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,5 @@
 module tildegit.org/andinus/pavo
 
 go 1.13
+
+require tildegit.org/andinus/lynx v0.4.0
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..257eabe
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,4 @@
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+tildegit.org/andinus/lynx v0.4.0 h1:bAxZLOdWy66+qJ3bDWjkbmJfCWTIOZ8hMGzYt7T7Bxk=
+tildegit.org/andinus/lynx v0.4.0/go.mod h1:/PCNkKwfJ7pb6ziHa76a4gYp1R9S1Ro4ANjQwzSpBIk=
diff --git a/unveil.go b/unveil.go
new file mode 100644
index 0000000..99a9a82
--- /dev/null
+++ b/unveil.go
@@ -0,0 +1,40 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"tildegit.org/andinus/lynx"
+)
+
+// blockUnveil func blocks further unveil calls.
+func blockUnveil() {
+	err := lynx.UnveilBlock()
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"UnveilBlock() failed",
+			err.Error())
+		os.Exit(1)
+	}
+
+	// We drop unveil from promises after blocking it. We drop
+	// rpath too because the config file has been read.
+	err = lynx.PledgePromises("stdio exec")
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"blockUnveil failed",
+			err.Error())
+		os.Exit(1)
+	}
+}
+
+// initUnveil initializes unveil for inital use.
+func initUnveil() {
+	err := lynx.Unveil(configFile, "rc")
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"Unveil configFile failed",
+			err.Error())
+		os.Exit(1)
+	}
+}
-- 
cgit 1.4.1-2-gfad0