xfnw/stagit
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

add OpenBSD unveil support

Browse source 
The unveil() system call first appeared in OpenBSD 6.4.

For stagit it has the following properties now:

- stagit-index: only read-access to the file-system for the specified
  directories/repositories.
- stagit: read-access to the specified directory/repository.
  read-write and creation access to the current directory for the output files.
  read-write and creation access to the specified cache file.
This commit is contained in:
Hiltjo Posthuma 2019-12-01 18:31:07 +01:00
parent b5607f75af
commit edee68f398
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
stagit-index.c
View file

@ -159,6 +159,9 @@ main(int argc, char *argv[])
git_libgit2_init();
#ifdef __OpenBSD__
for (i = 1; i < argc; i++)
if (unveil(argv[i], "r") == -1)
err(1, "unveil: %s", argv[i]);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
#endif

7
stagit.c
View file

@ -1095,6 +1095,13 @@ main(int argc, char *argv[])
git_libgit2_init();
#ifdef __OpenBSD__
if (unveil(repodir, "r") == -1)
err(1, "unveil: %s", repodir);
if (unveil(".", "rwc") == -1)
err(1, "unveil: .");
if (cachefile && unveil(cachefile, "rwc") == -1)
err(1, "unveil: %s", cachefile);
if (cachefile) {
if (pledge("stdio rpath wpath cpath fattr", NULL) == -1)
err(1, "pledge");