add OpenBSD unveil support
The unveil() system call first appeared in OpenBSD 6.4. For stagit it has the following properties now: - stagit-index: only read-access to the file-system for the specified directories/repositories. - stagit: read-access to the specified directory/repository. read-write and creation access to the current directory for the output files. read-write and creation access to the specified cache file.
This commit is contained in:
Hiltjo Posthuma
parent
b5607f75af
commit
edee68f398
2 changed files with 10 additions and 0 deletions
|
|
@ -159,6 +159,9 @@ main(int argc, char *argv[])
|
|||
git_libgit2_init();
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
for (i = 1; i < argc; i++)
|
||||
if (unveil(argv[i], "r") == -1)
|
||||
err(1, "unveil: %s", argv[i]);
|
||||
if (pledge("stdio rpath", NULL) == -1)
|
||||
err(1, "pledge");
|
||||
#endif
|
||||
|
|
|
|||
7
stagit.c
7
stagit.c
|
|
@ -1095,6 +1095,13 @@ main(int argc, char *argv[])
|
|||
git_libgit2_init();
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
if (unveil(repodir, "r") == -1)
|
||||
err(1, "unveil: %s", repodir);
|
||||
if (unveil(".", "rwc") == -1)
|
||||
err(1, "unveil: .");
|
||||
if (cachefile && unveil(cachefile, "rwc") == -1)
|
||||
err(1, "unveil: %s", cachefile);
|
||||
|
||||
if (cachefile) {
|
||||
if (pledge("stdio rpath wpath cpath fattr", NULL) == -1)
|
||||
err(1, "pledge");
|
||||
|
|
|
|||
Loading…
Reference in a new issue