-rw-r--r-- | openbsd/__init__.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/openbsd/__init__.py b/openbsd/__init__.py
index a688661..e73753b 100644
--- a/openbsd/__init__.py
+++ b/openbsd/__init__.py
@@ -9,6 +9,14 @@ _ffi = FFI()
 def pledge(promises=None, execpromises=None):
+ """Restrict system operations.
+
+ `promises` is a space separated string or binary of promises or `None` for no restrictions.
+ `execpromises` has the same format as `promises` and contains promises when runing other binaries using `execve`, etc.
+
+ See: https://man.openbsd.org/pledge.2 for more information.
+ """
+
 promises = _ffi.NULL if promises is None else _encode(promises)
 execpromises = _ffi.NULL if execpromises is None else _encode(execpromises)
 ret = _lib.pledge(promises, execpromises)
@@ -18,6 +26,18 @@ def pledge(promises=None, execpromises=None):
 def unveil(path=None, permissions=None):
+ """Unveil parts of a restricted filesystem view.
+
+ `path` may be a string or a binary.
+ `permissions` should be a combination of:
+ * `r`: Make path available for read operations.
+ * `w`: Make path available for write operations.
+ * `x`: Make path available for execute operations.
+ * `c`: Allow path to be created and removed.
+
+ See: https://man.openbsd.org/unveil.2 for more information.
+ """
+
 path = _ffi.NULL if path is None else _encode(path)
 permissions = _ffi.NULL if permissions is None else _encode(permissions)
 ret = _lib.unveil(path, permissions)
|
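Review bot: In the new `pledge` docstring, "`None` for no restrictions" is misleading. Per pledge(2), a NULL argument leaves the current promises unchanged, so it cannot lift restrictions already in force, and the empty string is the most restrictive value, not the least. I would word it as `None leaves the current promises unchanged; an empty string allows almost nothing (only _exit).` and fix the typo `runing` to `running` in the `execpromises` line. The docstring also does not say what a caller sees when the call fails. The handling of `ret` lies after the hunk, so add a sentence on that once confirmed against the rest of the body.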
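Review bot: The new `unveil` docstring leaves out the default call. With `path=None, permissions=None` the wrapper passes NULL for both, which per unveil(2) locks the unveil list against any further calls. That is the step that makes the restriction permanent, so it deserves a line such as `Calling unveil() with no arguments disables all further unveil calls.` It would also help to state that the first call naming a path hides the rest of the filesystem, since "a restricted filesystem view" reads as if the restriction already exists. The function body continues past the hunk, so failure behaviour could not be checked from here.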