about summary refs log tree commit diff stats
path: root/openbsd/__init__.py
diff options
context:
space:
mode:
Diffstat (limited to 'openbsd/__init__.py')
-rw-r--r--openbsd/__init__.py20
1 files changed, 20 insertions, 0 deletions
diff --git a/openbsd/__init__.py b/openbsd/__init__.py
index a688661..e73753b 100644
--- a/openbsd/__init__.py
+++ b/openbsd/__init__.py
@@ -9,6 +9,14 @@ _ffi = FFI()
 
 
 def pledge(promises=None, execpromises=None):
+    """Restrict system operations.
+    
+    `promises` is a space separated string or binary of promises or `None` for no restrictions.
+    `execpromises` has the same format as `promises` and contains promises when runing other binaries using `execve`, etc.
+
+    See: https://man.openbsd.org/pledge.2 for more information.
+    """
+
     promises = _ffi.NULL if promises is None else _encode(promises)
     execpromises = _ffi.NULL if execpromises is None else _encode(execpromises)
     ret = _lib.pledge(promises, execpromises)
@@ -18,6 +26,18 @@ def pledge(promises=None, execpromises=None):
 
 
 def unveil(path=None, permissions=None):
+    """Unveil parts of a restricted filesystem view.
+
+    `path` may be a string or a binary.
+    `permissions` should be a combination of:
+    * `r`: Make path available for read operations.
+    * `w`: Make path available for write operations.
+    * `x`: Make path available for execute operations.
+    * `c`: Allow path to be created and removed.
+
+    See: https://man.openbsd.org/unveil.2 for more information.
+    """
+
     path = _ffi.NULL if path is None else _encode(path)
     permissions = _ffi.NULL if permissions is None else _encode(permissions)
     ret = _lib.unveil(path, permissions)
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-11-22 07:26:02 +0000