add OpenBSD unveil support - stagit-gopher - A git gopher frontend. (mirror) | |
git clone git://bitreich.org/stagit-gopher/ git://enlrupgkhuxnvlhsf6lc3fziv5h2h… | |
Log | |
Files | |
Refs | |
Tags | |
README | |
LICENSE | |
--- | |
commit 2d17ff69d90329bbbfadbf258f4a22f26358943b | |
parent 44e1ef57a375794bea37555ac1bc417d37156caf | |
Author: Hiltjo Posthuma <[email protected]> | |
Date: Sun, 22 Dec 2019 12:52:49 +0100 | |
add OpenBSD unveil support | |
The unveil() system call first appeared in OpenBSD 6.4. | |
For stagit-gopher it has the following properties now: | |
- stagit-gopher-index: only read-access to the file-system for the specified | |
directories/repositories. | |
- stagit-gopher: read-access to the specified directory/repository. | |
read-write and creation access to the current directory for the output files. | |
read-write and creation access to the specified cache file | |
Diffstat: | |
M stagit-gopher-index.c | 4 ++++ | |
M stagit-gopher.c | 7 +++++++ | |
2 files changed, 11 insertions(+), 0 deletions(-) | |
--- | |
diff --git a/stagit-gopher-index.c b/stagit-gopher-index.c | |
@@ -219,6 +219,10 @@ main(int argc, char *argv[]) | |
git_libgit2_init(); | |
#ifdef __OpenBSD__ | |
+ for (i = 1; i < argc; i++) | |
+ if (unveil(argv[i], "r") == -1) | |
+ err(1, "unveil: %s", argv[i]); | |
+ | |
if (pledge("stdio rpath", NULL) == -1) | |
err(1, "pledge"); | |
#endif | |
diff --git a/stagit-gopher.c b/stagit-gopher.c | |
@@ -1177,6 +1177,13 @@ main(int argc, char *argv[]) | |
git_libgit2_init(); | |
#ifdef __OpenBSD__ | |
+ if (unveil(repodir, "r") == -1) | |
+ err(1, "unveil: %s", repodir); | |
+ if (unveil(".", "rwc") == -1) | |
+ err(1, "unveil: ."); | |
+ if (cachefile && unveil(cachefile, "rwc") == -1) | |
+ err(1, "unveil: %s", cachefile); | |
+ | |
if (cachefile) { | |
if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) | |
err(1, "pledge"); |