Use pledge(2) and unveil(2) on OpenBSD
parent
ebd44fb606
commit
296e40887b
25
daemon.c
25
daemon.c
@ -19,6 +19,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <fnmatch.h>
|
||||
#include <grp.h>
|
||||
#include <paths.h>
|
||||
#include <poll.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
@ -189,7 +190,9 @@ static void setTitle(void) {
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
int error;
|
||||
setprogname(argv[0]);
|
||||
openlog(getprogname(), LOG_NDELAY | LOG_PID | LOG_PERROR, LOG_DAEMON);
|
||||
|
||||
bool daemonize = true;
|
||||
setAdd(&stopExits, EX_USAGE);
|
||||
@ -221,7 +224,27 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
}
|
||||
|
||||
int error = access(serviceDir, X_OK);
|
||||
#ifdef __OpenBSD__
|
||||
if (pidPath) {
|
||||
error = unveil(pidPath, "cw");
|
||||
if (error) err(EX_OSERR, "unveil");
|
||||
}
|
||||
error = unveil(fifoPath, "crw")
|
||||
|| unveil(configPath, "r")
|
||||
|| unveil("/", "r")
|
||||
|| unveil("/dev/null", "rw")
|
||||
|| unveil(serviceDir, "r")
|
||||
|| unveil(_PATH_BSHELL, "x")
|
||||
|| unveil(NULL, NULL);
|
||||
if (error) err(EX_OSERR, "unveil");
|
||||
|
||||
error = pledge(
|
||||
"stdio cpath dpath rpath wpath flock getpw proc exec id", NULL
|
||||
);
|
||||
if (error) err(EX_OSERR, "pledge");
|
||||
#endif
|
||||
|
||||
error = access(serviceDir, X_OK);
|
||||
if (error) err(EX_NOINPUT, "%s", serviceDir);
|
||||
|
||||
errno = 0;
|
||||
|
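Review bot: `unveil("/", "r")` in the `||` chain leaves the whole filesystem readable, so the `configPath` and `serviceDir` read entries add no restriction; the unveil set confines only write, create and execute access. If the root entry is required (the reason is not visible in these hunks), record it next to the call, for example `/* "/" stays readable because <reason>; unveil confines only write/create/exec here */`. Otherwise, dropping it and unveiling only the paths the daemon actually reads would make the read side meaningful. Separately, both `err(EX_OSERR, "unveil")` calls omit the path, so a failure cannot be traced to the entry that caused it; the `pidPath` case could be `err(EX_OSERR, "%s", pidPath);`, and splitting the chain into individually checked calls would do the same for the rest. `main` begins and continues outside the hunks shown.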