 |
add OpenBSD unveil support - stagit - static git page generator |
 |
git clone git://git.codemadness.org/stagit |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
commit edee68f398f5b190f4be0127338956c0a2500662 |
|
parent b5607f75afb9c6e6e6ab49128f9760d3538809cd |
|
Author: Hiltjo Posthuma <[email protected]> |
|
Date: Sun, 1 Dec 2019 18:31:07 +0100 |
|
|
|
add OpenBSD unveil support |
|
|
|
The unveil() system call first appeared in OpenBSD 6.4. |
|
|
|
For stagit it has the following properties now: |
|
|
|
- stagit-index: only read-access to the file-system for the specified |
|
directories/repositories. |
|
- stagit: read-access to the specified directory/repository. |
|
read-write and creation access to the current directory for the output files. |
|
read-write and creation access to the specified cache file. |
|
|
|
Diffstat: |
|
M stagit-index.c | 3 +++ |
|
M stagit.c | 7 +++++++ |
|
|
|
2 files changed, 10 insertions(+), 0 deletions(-) |
|
--- |
|
diff --git a/stagit-index.c b/stagit-index.c |
|
@@ -159,6 +159,9 @@ main(int argc, char *argv[]) |
|
git_libgit2_init(); |
|
|
|
#ifdef __OpenBSD__ |
|
+ for (i = 1; i < argc; i++) |
|
+ if (unveil(argv[i], "r") == -1) |
|
+ err(1, "unveil: %s", argv[i]); |
|
if (pledge("stdio rpath", NULL) == -1) |
|
err(1, "pledge"); |
|
#endif |
|
diff --git a/stagit.c b/stagit.c |
|
@@ -1095,6 +1095,13 @@ main(int argc, char *argv[]) |
|
git_libgit2_init(); |
|
|
|
#ifdef __OpenBSD__ |
|
+ if (unveil(repodir, "r") == -1) |
|
+ err(1, "unveil: %s", repodir); |
|
+ if (unveil(".", "rwc") == -1) |
|
+ err(1, "unveil: ."); |
|
+ if (cachefile && unveil(cachefile, "rwc") == -1) |
|
+ err(1, "unveil: %s", cachefile); |
|
+ |
|
if (cachefile) { |
|
if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) |
|
err(1, "pledge"); |
