Drop filesystem access iff possible
Log files and state save/restore both require read/write access to the filesystem, both during start and exit. If neither features are used, catgirl may run with "stdio tty".master
parent
837c9efce4
commit
bc3bd95648
10
chat.c
10
chat.c
|
@ -341,10 +341,12 @@ int main(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
if (self.restricted) {
|
char promises[64] = "stdio tty";
|
||||||
error = pledge("stdio rpath wpath cpath tty", NULL);
|
struct Cat cat = { promises, sizeof(promises), strlen(promises) };
|
||||||
if (error) err(EX_OSERR, "pledge");
|
if (save || logEnable) catf(&cat, " rpath wpath cpath");
|
||||||
}
|
if (!self.restricted) catf(&cat, " proc exec");
|
||||||
|
error = pledge(promises, NULL);
|
||||||
|
if (error) err(EX_OSERR, "pledge");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct pollfd fds[] = {
|
struct pollfd fds[] = {
|
||||||
|
|
Loading…
Reference in New Issue