OpenBSD: merge unveil and pledge logic a bit
This reads somewhat clearer, as code is grouped by features instead of security mechanisms, simply by merging identical tests/conditions. No functional change.
parent
7793ca36bb
commit
5bfba6df52
11
chat.c
11
chat.c
|
@ -282,24 +282,23 @@ int main(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
|
char promises[64] = "stdio tty";
|
||||||
|
char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
|
||||||
|
|
||||||
if (log) {
|
if (log) {
|
||||||
const char *logdir = dataMkdir("log");
|
const char *logdir = dataMkdir("log");
|
||||||
int error = unveil(logdir, "wc");
|
int error = unveil(logdir, "wc");
|
||||||
if (error) err(EX_OSERR, "unveil");
|
if (error) err(EX_OSERR, "unveil");
|
||||||
|
ptr = seprintf(ptr, end, " wpath cpath");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!self.restricted) {
|
if (!self.restricted) {
|
||||||
int error = unveil("/", "x");
|
int error = unveil("/", "x");
|
||||||
if (error) err(EX_OSERR, "unveil");
|
if (error) err(EX_OSERR, "unveil");
|
||||||
|
ptr = seprintf(ptr, end, " proc exec");
|
||||||
}
|
}
|
||||||
|
|
||||||
char promises[64] = "stdio tty";
|
|
||||||
char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
|
|
||||||
if (log) ptr = seprintf(ptr, end, " wpath cpath");
|
|
||||||
if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
|
|
||||||
|
|
||||||
char *promisesInitial = ptr;
|
char *promisesInitial = ptr;
|
||||||
|
|
||||||
ptr = seprintf(ptr, end, " inet dns");
|
ptr = seprintf(ptr, end, " inet dns");
|
||||||
int error = pledge(promises, NULL);
|
int error = pledge(promises, NULL);
|
||||||
if (error) err(EX_OSERR, "pledge");
|
if (error) err(EX_OSERR, "pledge");
|
||||||
|
|
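Review bot: The regrouped blocks leave an ordering constraint undocumented: both `unveil()` calls (in `if (log)` and `if (!self.restricted)`) must run before `pledge(promises, NULL)`, because none of the promise strings assembled here contains `unveil`, so an unveil added after the pledge would no longer be permitted. A one-line comment above the first block would keep that visible, for example `// All unveil(2) calls must precede pledge(2); "unveil" is never promised.` Since each branch now pairs a path permission with a promise (`"wc"` with ` wpath cpath`, `"x"` on `/` with ` proc exec`), a short comment on each `seprintf` line naming that pairing would stop a later edit from changing one half without the other. The visible promise strings fit in the 64-byte `promises` buffer, but whether `seprintf` reports truncation is not shown here, and `main()` continues outside the hunk.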