bx/catgirl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Drop filesystem access iff possible

Browse Source 
Log files and state save/restore both require read/write access to
the filesystem, both during start and exit.

If neither features are used, catgirl may run with "stdio tty".
This commit is contained in:
Klemens Nanni 2021-01-22 22:02:02 +01:00 committed by C. McEnroe
parent 837c9efce4
commit bc3bd95648
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
chat.c
View File

@ -341,10 +341,12 @@ int main(int argc, char *argv[]) {
} }
#ifdef __OpenBSD__ #ifdef __OpenBSD__
if (self.restricted) { char promises[64] = "stdio tty";
error = pledge("stdio rpath wpath cpath tty", NULL); struct Cat cat = { promises, sizeof(promises), strlen(promises) };
if (error) err(EX_OSERR, "pledge"); if (save || logEnable) catf(&cat, " rpath wpath cpath");
} if (!self.restricted) catf(&cat, " proc exec");
error = pledge(promises, NULL);
if (error) err(EX_OSERR, "pledge");
#endif #endif
struct pollfd fds[] = { struct pollfd fds[] = {