OpenBSD: Simplify pledge(2) and unveil(2) strategy

This commit is contained in:
C. McEnroe 2021-09-26 17:25:58 -04:00
parent 3769acfdc7
commit bdcb9ab46f


@ -216,30 +216,6 @@ int main(int argc, char *argv[]) {
} }
} }
#ifdef __OpenBSD__
struct {
const char *path;
const char *mode;
} paths[] = {
{ fifoPath, "crw" },
{ configPath, "r" },
{ "/", "r" },
{ "/dev/null", "rw" },
{ serviceDir, "r" },
{ _PATH_BSHELL, "x" },
{ pidPath, "cw" },
{ NULL, NULL },
};
for (size_t i = 0; paths[i].path; ++i) {
error = unveil(paths[i].path, paths[i].mode);
if (error) err(EX_CANTCREAT, "%s", paths[i].path);
}
error = pledge(
"stdio cpath dpath rpath wpath flock getpw proc exec id", NULL
);
if (error) err(EX_OSERR, "pledge");
#endif
error = access(serviceDir, X_OK); error = access(serviceDir, X_OK);
if (error) err(EX_NOINPUT, "%s", serviceDir); if (error) err(EX_NOINPUT, "%s", serviceDir);
@ -303,16 +279,27 @@ int main(int argc, char *argv[]) {
return EX_OSERR; return EX_OSERR;
} }
} }
#ifdef __OpenBSD__
error = 0
|| unveil(fifoPath, "c")
|| unveil(configPath, "r")
|| unveil(serviceDir, "r")
|| unveil(_PATH_BSHELL, "x");
if (error) err(EX_OSERR, "unveil");
if (pidPath) {
error = unveil(pidPath, "c");
if (error) err(EX_OSERR, "unveil");
}
error = pledge("stdio rpath cpath proc exec id", NULL);
if (error) err(EX_OSERR, "pledge");
#endif
if (pidPath) { if (pidPath) {
int len = dprintf(pidFile, "%ju", (uintmax_t)getpid()); int len = dprintf(pidFile, "%ju", (uintmax_t)getpid());
if (len < 0) syslog(LOG_WARNING, "%s: %m", pidPath); if (len < 0) syslog(LOG_WARNING, "%s: %m", pidPath);
} }
#ifdef __OpenBSD__
error = pledge("stdio cpath rpath proc exec id", NULL);
if (error) err(EX_OSERR, "pledge");
#endif
signal(SIGHUP, signalHandler); signal(SIGHUP, signalHandler);
signal(SIGINT, signalHandler); signal(SIGINT, signalHandler);
signal(SIGTERM, signalHandler); signal(SIGTERM, signalHandler);
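Review bot: The second pledge() added after the pid-file write requests exactly the same promise set as the first one at the top of this hunk (`"stdio cpath rpath proc exec id"` is `"stdio rpath cpath proc exec id"` reordered), so it drops nothing and only suggests a narrowing that does not happen. If the intent was to tighten after `dprintf(pidFile, ...)`, a promise has to actually be removed there; otherwise delete the second `#ifdef __OpenBSD__` pledge block and keep the single call. Separately, collapsing the unveil calls into one `||` chain means a failure now reports only `unveil` plus errno, not the offending path as the removed loop did; per-path `if (unveil(p, m)) err(EX_OSERR, "%s", p);` checks would keep that diagnostic. main() begins and ends outside this hunk.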