1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
package main
import (
"encoding/json"
"flag"
"fmt"
"io/ioutil"
"os"
"tildegit.org/andinus/lynx"
)
type Pavo struct {
Config []Config `json:"config"`
}
type Unveil struct {
Permissions string `json:"permissions"`
Path string `json:"path"`
}
type Config struct {
Command string `json:"command"`
Unveil []Unveil `json:"unveil"`
CommandsToUnveil []string `json:"commandstounveil"`
Execpromises string `json:"execpromises"`
}
func parseConfig() {
// Read the config file
data, err := ioutil.ReadFile(configFile())
if err != nil {
fmt.Printf("%s :: %s",
"Failed to read the config file",
err.Error())
os.Exit(1)
}
var Pavo Pavo
// Unmarshal data to struct.
err = json.Unmarshal(data, &Pavo)
if err != nil {
fmt.Printf("%s :: %s\n",
"Failed to unmarshal the config file",
err.Error())
os.Exit(1)
}
// Get command & flags from flag.Args().
flag.Parse()
flags = flag.Args()[1:]
for k, v := range Pavo.Config {
// If we find the command's config then break.
if v.Command == flag.Args()[0] {
cmd = v
break
}
// If we don't find the config in file then return an
// error.
if k == len(Pavo.Config)-1 {
fmt.Printf("%s %s",
"Failed to find config for",
flag.Args()[0])
os.Exit(1)
}
}
// Commands to unveil.
commands := []string{cmd.Command}
// Get commands to unveil from config.
for _, v := range cmd.CommandsToUnveil {
commands = append(commands, v)
}
// Unveil all values of $PATH/command.
err = lynx.UnveilCommands(commands)
if err != nil {
fmt.Printf("%s :: %s",
"Failed to unveil command",
err.Error())
os.Exit(1)
}
// Set execpromises from config.
err = lynx.PledgeExecpromises(cmd.Execpromises)
if err != nil {
fmt.Printf("%s :: %s",
"PledgeExecpromises failed",
err.Error())
os.Exit(1)
}
// Unveil all paths from config.
paths := make(map[string]string)
for _, v := range cmd.Unveil {
paths[v.Path] = v.Permissions
}
err = lynx.UnveilPaths(paths)
if err != nil {
fmt.Printf("%s :: %s",
"Failed to unveil paths",
err.Error())
os.Exit(1)
}
}
|