Switch to lynx & remove custom unveil wrappers
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
0883e2777d
commit
202c8a1380
GPG Key ID:
B67D55D482A799FD
|
|
@ -3,12 +3,11 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
"tildegit.org/andinus/cetus/cache"
|
||||
"tildegit.org/andinus/lynx"
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
|
@ -17,41 +16,28 @@ func main() {
|
|||
}
|
||||
|
||||
func unveil() {
|
||||
unveilL := make(map[string]string)
|
||||
paths := make(map[string]string)
|
||||
|
||||
// We unveil the whole cache directory.
|
||||
err = unix.Unveil(cache.Dir(), "rwc")
|
||||
paths[cache.Dir()] = "rwc"
|
||||
paths["/dev/null"] = "rw" // required by feh
|
||||
paths["/etc/resolv.conf"] = "r"
|
||||
|
||||
// ktrace output
|
||||
paths["/usr/libexec/ld.so"] = "r"
|
||||
paths["/var/run/ld.so.hints"] = "r"
|
||||
paths["/usr/lib"] = "r"
|
||||
paths["/dev/urandom"] = "r"
|
||||
paths["/etc/hosts"] = "r"
|
||||
paths["/etc/ssl"] = "r"
|
||||
|
||||
err := lynx.UnveilPaths(paths)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
unveilL["/dev/null"] = "rw" // required by feh
|
||||
unveilL["/etc/resolv.conf"] = "r"
|
||||
commands := []string{"feh", "gsettings", "pcmanfm", "notify-send"}
|
||||
|
||||
// ktrace output
|
||||
unveilL["/usr/libexec/ld.so"] = "r"
|
||||
unveilL["/var/run/ld.so.hints"] = "r"
|
||||
unveilL["/usr/lib"] = "r"
|
||||
unveilL["/dev/urandom"] = "r"
|
||||
unveilL["/etc/hosts"] = "r"
|
||||
unveilL["/etc/ssl"] = "r"
|
||||
|
||||
for k, v := range unveilL {
|
||||
err = unix.Unveil(k, v)
|
||||
if err != nil && err.Error() == "no such file or directory" {
|
||||
log.Printf("WARN: Unveil failed on %s", k)
|
||||
} else if err != nil {
|
||||
log.Fatal(fmt.Sprintf("%s :: %s\n%s", k, v,
|
||||
err.Error()))
|
||||
}
|
||||
}
|
||||
|
||||
err = unveilCmds([]string{
|
||||
"feh",
|
||||
"gsettings",
|
||||
"pcmanfm",
|
||||
"notify-send",
|
||||
})
|
||||
err = lynx.UnveilCommands(commands)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
|
@ -62,21 +48,3 @@ func unveil() {
|
|||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
// unveilCmds will unveil commands.
|
||||
func unveilCmds(cmds []string) error {
|
||||
pathList := strings.Split(getEnv("PATH", ""), ":")
|
||||
// Unveil each command.
|
||||
for _, cmd := range cmds {
|
||||
for _, path := range pathList {
|
||||
err = unix.Unveil(fmt.Sprintf("%s/%s", path, cmd), "rx")
|
||||
|
||||
if err != nil && err.Error() != "no such file or directory" {
|
||||
return fmt.Errorf("%s\n%s",
|
||||
cmd,
|
||||
err.Error())
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
5
go.mod
5
go.mod
|
|
@ -2,4 +2,7 @@ module tildegit.org/andinus/cetus
|
|||
|
||||
go 1.13
|
||||
|
||||
require golang.org/x/sys v0.0.0-20200331124033-c3d80250170d
|
||||
require (
|
||||
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d
|
||||
tildegit.org/andinus/lynx v0.1.0
|
||||
)
|
||||
|
|
|
|||
2
go.sum
2
go.sum
|
|
@ -1,2 +1,4 @@
|
|||
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA=
|
||||
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
tildegit.org/andinus/lynx v0.1.0 h1:7YjyF8h7MBGKRgQZT0j0I3uHRPf3mI2GMiDujXVlLS0=
|
||||
tildegit.org/andinus/lynx v0.1.0/go.mod h1:/PCNkKwfJ7pb6ziHa76a4gYp1R9S1Ro4ANjQwzSpBIk=
|
||||
|
|
|
|||
Loading…
Reference in New Issue