OpenBSD: merge unveil and pledge logic a bit

This reads somewhat clearer as code is grouped by features instead of
security mechanisms by simply merging identical tests/conditions.

No functional change.
master
Klemens Nanni 2021-06-29 00:03:00 +00:00 committed by C. McEnroe
parent 7793ca36bb
commit 5bfba6df52
1 changed files with 5 additions and 6 deletions

11
chat.c

@ -282,24 +282,23 @@ int main(int argc, char *argv[]) {
} }
#ifdef __OpenBSD__ #ifdef __OpenBSD__
char promises[64] = "stdio tty";
char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
if (log) { if (log) {
const char *logdir = dataMkdir("log"); const char *logdir = dataMkdir("log");
int error = unveil(logdir, "wc"); int error = unveil(logdir, "wc");
if (error) err(EX_OSERR, "unveil"); if (error) err(EX_OSERR, "unveil");
ptr = seprintf(ptr, end, " wpath cpath");
} }
if (!self.restricted) { if (!self.restricted) {
int error = unveil("/", "x"); int error = unveil("/", "x");
if (error) err(EX_OSERR, "unveil"); if (error) err(EX_OSERR, "unveil");
ptr = seprintf(ptr, end, " proc exec");
} }
char promises[64] = "stdio tty";
char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
if (log) ptr = seprintf(ptr, end, " wpath cpath");
if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
char *promisesInitial = ptr; char *promisesInitial = ptr;
ptr = seprintf(ptr, end, " inet dns"); ptr = seprintf(ptr, end, " inet dns");
int error = pledge(promises, NULL); int error = pledge(promises, NULL);
if (error) err(EX_OSERR, "pledge"); if (error) err(EX_OSERR, "pledge");
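Review bot: The merged `if (log)` and `if (!self.restricted)` blocks depend on an ordering that the code never states: every `unveil()` must run before the `pledge()` at the end of the hunk, because the promise string built here never contains `unveil`, so pledge(2) disallows further unveil calls afterwards. A short comment above the first block would keep a later feature from being added below the pledge, for example `// Per feature: unveil its paths and append its promises; all of it must precede pledge().`. The result of `seprintf` is also never checked for truncation. The four strings visible here total 40 bytes and fit `promises[64]`, but `seprintf`'s overflow behaviour is not shown, so a comment recording the size budget would help whoever appends the next promise. `main` and the `#ifdef __OpenBSD__` block continue outside the hunk.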