Georg/catsit
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Use pledge(2) and unveil(2) on OpenBSD

Browse Source
This commit is contained in:
C. McEnroe 2020-08-17 16:38:22 -04:00
parent ebd44fb606
commit 296e40887b
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
daemon.c
View File

@ -19,6 +19,7 @@
#include <fcntl.h> #include <fcntl.h>
#include <fnmatch.h> #include <fnmatch.h>
#include <grp.h> #include <grp.h>
#include <paths.h>
#include <poll.h> #include <poll.h>
#include <pwd.h> #include <pwd.h>
#include <signal.h> #include <signal.h>
@ -189,7 +190,9 @@ static void setTitle(void) {
} }
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
int error;
setprogname(argv[0]); setprogname(argv[0]);
openlog(getprogname(), LOG_NDELAY | LOG_PID | LOG_PERROR, LOG_DAEMON);
bool daemonize = true; bool daemonize = true;
setAdd(&stopExits, EX_USAGE); setAdd(&stopExits, EX_USAGE);
@ -221,7 +224,27 @@ int main(int argc, char *argv[]) {
} }
} }
int error = access(serviceDir, X_OK); #ifdef __OpenBSD__
if (pidPath) {
error = unveil(pidPath, "cw");
if (error) err(EX_OSERR, "unveil");
}
error = unveil(fifoPath, "crw")
|| unveil(configPath, "r")
|| unveil("/", "r")
|| unveil("/dev/null", "rw")
|| unveil(serviceDir, "r")
|| unveil(_PATH_BSHELL, "x")
|| unveil(NULL, NULL);
if (error) err(EX_OSERR, "unveil");
error = pledge(
"stdio cpath dpath rpath wpath flock getpw proc exec id", NULL
);
if (error) err(EX_OSERR, "pledge");
#endif
error = access(serviceDir, X_OK);
if (error) err(EX_NOINPUT, "%s", serviceDir); if (error) err(EX_NOINPUT, "%s", serviceDir);
errno = 0; errno = 0;