OpenBSD: merge unveil and pledge logic a bit
This reads somewhat clearer as code is grouped by features instead of security mechanisms by simply merging identical tests/conditions. No functional change.master
parent
7793ca36bb
commit
5bfba6df52
11
chat.c
11
chat.c
|
@ -282,24 +282,23 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
char promises[64] = "stdio tty";
|
||||
char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
|
||||
|
||||
if (log) {
|
||||
const char *logdir = dataMkdir("log");
|
||||
int error = unveil(logdir, "wc");
|
||||
if (error) err(EX_OSERR, "unveil");
|
||||
ptr = seprintf(ptr, end, " wpath cpath");
|
||||
}
|
||||
|
||||
if (!self.restricted) {
|
||||
int error = unveil("/", "x");
|
||||
if (error) err(EX_OSERR, "unveil");
|
||||
ptr = seprintf(ptr, end, " proc exec");
|
||||
}
|
||||
|
||||
char promises[64] = "stdio tty";
|
||||
char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
|
||||
if (log) ptr = seprintf(ptr, end, " wpath cpath");
|
||||
if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
|
||||
|
||||
char *promisesInitial = ptr;
|
||||
|
||||
ptr = seprintf(ptr, end, " inet dns");
|
||||
int error = pledge(promises, NULL);
|
||||
if (error) err(EX_OSERR, "pledge");
|
||||
|
|
Loading…
Reference in New Issue