Drop filesystem access iff possible

Log files and state save/restore both require read/write access to
the filesystem, both during start and exit.

If neither feature is used, catgirl may run with "stdio tty".
Klemens Nanni 2021-01-22 22:02:02 +01:00 committed by C. McEnroe
parent 837c9efce4
commit bc3bd95648
1 changed files with 6 additions and 4 deletions

8
chat.c

@ -341,10 +341,12 @@ int main(int argc, char *argv[]) {
} }
#ifdef __OpenBSD__ #ifdef __OpenBSD__
if (self.restricted) { char promises[64] = "stdio tty";
error = pledge("stdio rpath wpath cpath tty", NULL); struct Cat cat = { promises, sizeof(promises), strlen(promises) };
if (save || logEnable) catf(&cat, " rpath wpath cpath");
if (!self.restricted) catf(&cat, " proc exec");
error = pledge(promises, NULL);
if (error) err(EX_OSERR, "pledge"); if (error) err(EX_OSERR, "pledge");
}
#endif #endif
struct pollfd fds[] = { struct pollfd fds[] = {
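Review bot: In the unrestricted case the new promise string keeps ` proc exec` while `pledge(promises, NULL)` passes no execpromises, so, unless an earlier pledge call outside this hunk set them, any program the client executes runs unpledged with the user's full filesystem access; dropping `rpath wpath cpath` is therefore a hard guarantee only when `self.restricted` is set. I would document that next to the `catf(&cat, " proc exec")` line, e.g. `// children are not pledged (execpromises is NULL); only restricted mode really loses filesystem access`. A second comment should state that `save || logEnable` has to cover every feature that opens files after this point, because a missed one becomes a pledge violation that kills the process at runtime instead of failing at startup. main's body starts and ends outside the hunk.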