Switch to lynx & remove custom unveil wrappers
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
0883e2777d
commit
202c8a1380
|
@ -3,12 +3,11 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"log"
|
"log"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
"tildegit.org/andinus/cetus/cache"
|
"tildegit.org/andinus/cetus/cache"
|
||||||
|
"tildegit.org/andinus/lynx"
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
@ -17,41 +16,28 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func unveil() {
|
func unveil() {
|
||||||
unveilL := make(map[string]string)
|
paths := make(map[string]string)
|
||||||
|
|
||||||
// We unveil the whole cache directory.
|
paths[cache.Dir()] = "rwc"
|
||||||
err = unix.Unveil(cache.Dir(), "rwc")
|
paths["/dev/null"] = "rw" // required by feh
|
||||||
|
paths["/etc/resolv.conf"] = "r"
|
||||||
|
|
||||||
|
// ktrace output
|
||||||
|
paths["/usr/libexec/ld.so"] = "r"
|
||||||
|
paths["/var/run/ld.so.hints"] = "r"
|
||||||
|
paths["/usr/lib"] = "r"
|
||||||
|
paths["/dev/urandom"] = "r"
|
||||||
|
paths["/etc/hosts"] = "r"
|
||||||
|
paths["/etc/ssl"] = "r"
|
||||||
|
|
||||||
|
err := lynx.UnveilPaths(paths)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
unveilL["/dev/null"] = "rw" // required by feh
|
commands := []string{"feh", "gsettings", "pcmanfm", "notify-send"}
|
||||||
unveilL["/etc/resolv.conf"] = "r"
|
|
||||||
|
|
||||||
// ktrace output
|
err = lynx.UnveilCommands(commands)
|
||||||
unveilL["/usr/libexec/ld.so"] = "r"
|
|
||||||
unveilL["/var/run/ld.so.hints"] = "r"
|
|
||||||
unveilL["/usr/lib"] = "r"
|
|
||||||
unveilL["/dev/urandom"] = "r"
|
|
||||||
unveilL["/etc/hosts"] = "r"
|
|
||||||
unveilL["/etc/ssl"] = "r"
|
|
||||||
|
|
||||||
for k, v := range unveilL {
|
|
||||||
err = unix.Unveil(k, v)
|
|
||||||
if err != nil && err.Error() == "no such file or directory" {
|
|
||||||
log.Printf("WARN: Unveil failed on %s", k)
|
|
||||||
} else if err != nil {
|
|
||||||
log.Fatal(fmt.Sprintf("%s :: %s\n%s", k, v,
|
|
||||||
err.Error()))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
err = unveilCmds([]string{
|
|
||||||
"feh",
|
|
||||||
"gsettings",
|
|
||||||
"pcmanfm",
|
|
||||||
"notify-send",
|
|
||||||
})
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -62,21 +48,3 @@ func unveil() {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// unveilCmds will unveil commands.
|
|
||||||
func unveilCmds(cmds []string) error {
|
|
||||||
pathList := strings.Split(getEnv("PATH", ""), ":")
|
|
||||||
// Unveil each command.
|
|
||||||
for _, cmd := range cmds {
|
|
||||||
for _, path := range pathList {
|
|
||||||
err = unix.Unveil(fmt.Sprintf("%s/%s", path, cmd), "rx")
|
|
||||||
|
|
||||||
if err != nil && err.Error() != "no such file or directory" {
|
|
||||||
return fmt.Errorf("%s\n%s",
|
|
||||||
cmd,
|
|
||||||
err.Error())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
5
go.mod
5
go.mod
|
@ -2,4 +2,7 @@ module tildegit.org/andinus/cetus
|
||||||
|
|
||||||
go 1.13
|
go 1.13
|
||||||
|
|
||||||
require golang.org/x/sys v0.0.0-20200331124033-c3d80250170d
|
require (
|
||||||
|
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d
|
||||||
|
tildegit.org/andinus/lynx v0.1.0
|
||||||
|
)
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -1,2 +1,4 @@
|
||||||
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA=
|
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA=
|
||||||
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
tildegit.org/andinus/lynx v0.1.0 h1:7YjyF8h7MBGKRgQZT0j0I3uHRPf3mI2GMiDujXVlLS0=
|
||||||
|
tildegit.org/andinus/lynx v0.1.0/go.mod h1:/PCNkKwfJ7pb6ziHa76a4gYp1R9S1Ro4ANjQwzSpBIk=
|
||||||
|
|
Loading…
Reference in New Issue