Refactor unveil calls so errors can be reported properly

C. McEnroe 2020-11-10 15:15:13 -05:00
parent 5b1a5f2876
commit b7ebd38698


@ -216,19 +216,23 @@ int main(int argc, char *argv[]) {
} }
#ifdef __OpenBSD__ #ifdef __OpenBSD__
if (pidPath) { struct {
error = unveil(pidPath, "cw"); const char *path;
if (error) err(EX_OSERR, "unveil"); const char *mode;
} paths[] = {
{ fifoPath, "crw" },
{ configPath, "r" },
{ "/", "r" },
{ "/dev/null", "rw" },
{ serviceDir, "r" },
{ _PATH_BSHELL, "x" },
{ pidPath, "cw" },
{ NULL, NULL },
};
for (size_t i = 0; paths[i].path; ++i) {
error = unveil(paths[i].path, paths[i].mode);
if (error) err(EX_CANTCREAT, "%s", paths[i].path);
} }
error = unveil(fifoPath, "crw")
|| unveil(configPath, "r")
|| unveil("/", "r")
|| unveil("/dev/null", "rw")
|| unveil(serviceDir, "r")
|| unveil(_PATH_BSHELL, "x")
|| unveil(NULL, NULL);
if (error) err(EX_OSERR, "unveil");
error = pledge( error = pledge(
"stdio cpath dpath rpath wpath flock getpw proc exec id", NULL "stdio cpath dpath rpath wpath flock getpw proc exec id", NULL
); );
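Review bot: The `{ NULL, NULL }` sentinel in `paths[]` makes any NULL path end the loop, so the optional `pidPath` works only because it is the last entry, and a NULL in an earlier slot would silently skip every later unveil (a NULL `fifoPath` would mean no unveil call at all, leaving the filesystem view unrestricted). Whether those pointers can ever be NULL is not visible in this hunk. Iterating by array size and skipping unset entries makes the intent explicit and order-independent: `for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); ++i) {` followed by `if (!paths[i].path) continue;`, with the sentinel row dropped. The explicit `unveil(NULL, NULL)` lock also appears to be gone, so locking now rests on the following `pledge` omitting the `unveil` promise; a short comment such as `/* unveil is locked by the pledge below, which omits "unveil" */` would keep a later pledge edit from reopening it. main's body starts and ends outside the hunk.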