 |
add OpenBSD unveil support - stagit-gopher - static git page generator for goph… |
 |
git clone git://git.codemadness.org/stagit-gopher |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
commit 2d17ff69d90329bbbfadbf258f4a22f26358943b |
|
parent 44e1ef57a375794bea37555ac1bc417d37156caf |
|
Author: Hiltjo Posthuma <[email protected]> |
|
Date: Sun, 22 Dec 2019 12:52:49 +0100 |
|
|
|
add OpenBSD unveil support |
|
|
|
The unveil() system call first appeared in OpenBSD 6.4. |
|
|
|
For stagit-gopher it has the following properties now: |
|
|
|
- stagit-gopher-index: only read-access to the file-system for the specified |
|
directories/repositories. |
|
- stagit-gopher: read-access to the specified directory/repository. |
|
read-write and creation access to the current directory for the output files. |
|
read-write and creation access to the specified cache file |
|
|
|
Diffstat: |
|
M stagit-gopher-index.c | 4 ++++ |
|
M stagit-gopher.c | 7 +++++++ |
|
|
|
2 files changed, 11 insertions(+), 0 deletions(-) |
|
--- |
|
diff --git a/stagit-gopher-index.c b/stagit-gopher-index.c |
|
@@ -219,6 +219,10 @@ main(int argc, char *argv[]) |
|
git_libgit2_init(); |
|
|
|
#ifdef __OpenBSD__ |
|
+ for (i = 1; i < argc; i++) |
|
+ if (unveil(argv[i], "r") == -1) |
|
+ err(1, "unveil: %s", argv[i]); |
|
+ |
|
if (pledge("stdio rpath", NULL) == -1) |
|
err(1, "pledge"); |
|
#endif |
|
diff --git a/stagit-gopher.c b/stagit-gopher.c |
|
@@ -1177,6 +1177,13 @@ main(int argc, char *argv[]) |
|
git_libgit2_init(); |
|
|
|
#ifdef __OpenBSD__ |
|
+ if (unveil(repodir, "r") == -1) |
|
+ err(1, "unveil: %s", repodir); |
|
+ if (unveil(".", "rwc") == -1) |
|
+ err(1, "unveil: ."); |
|
+ if (cachefile && unveil(cachefile, "rwc") == -1) |
|
+ err(1, "unveil: %s", cachefile); |
|
+ |
|
if (cachefile) { |
|
if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) |
|
err(1, "pledge"); |
