Document Pledge functions in readme
The diff is messed up because the order was changed.
This commit is contained in:
parent
66b19e6e7e
commit
55b538e87c
127
README.org
127
README.org
|
@ -13,53 +13,6 @@ currently only /OpenBSD/ is supported.
|
||||||
| GitHub (Mirror) | [[https://github.com/andinus/lynx][Lynx - GitHub]] |
|
| GitHub (Mirror) | [[https://github.com/andinus/lynx][Lynx - GitHub]] |
|
||||||
|
|
||||||
* Examples
|
* Examples
|
||||||
** Unveil / UnveilStrict
|
|
||||||
Unveil takes a path, permission & unveils it, it will return an error if unveil
|
|
||||||
fails at any step. "no such file or directory" error is ignored, if you want to
|
|
||||||
get that error too then use UnveilStrict.
|
|
||||||
|
|
||||||
#+BEGIN_SRC go
|
|
||||||
package main
|
|
||||||
|
|
||||||
import "tildegit.org/andinus/lynx"
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
path := "/dev/null"
|
|
||||||
flags := "rw"
|
|
||||||
|
|
||||||
err = lynx.Unveil(path, flags)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// This will return an error if the path doesn't exist.
|
|
||||||
err = lynx.UnveilStrict(path, flags)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#+END_SRC
|
|
||||||
** UnveilCommands
|
|
||||||
UnveilCommands takes a slice of commands & unveils them one by one, it will
|
|
||||||
return an error if unveil fails at any step. "no such file or directory" error
|
|
||||||
is ignored because binaries are not placed in every PATH.
|
|
||||||
|
|
||||||
Default permission is "rx".
|
|
||||||
|
|
||||||
#+BEGIN_SRC go
|
|
||||||
package main
|
|
||||||
|
|
||||||
import "tildegit.org/andinus/lynx"
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
commands := []string{"cd", "ls", "rm"}
|
|
||||||
|
|
||||||
err = lynx.UnveilCommands(commands)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#+END_SRC
|
|
||||||
** UnveilPaths / UnveilPathsStrict
|
** UnveilPaths / UnveilPathsStrict
|
||||||
UnveilPaths takes a map of path, permission & unveils them one by one, it will
|
UnveilPaths takes a map of path, permission & unveils them one by one, it will
|
||||||
return an error if unveil fails at any step. "no such file or directory" error
|
return an error if unveil fails at any step. "no such file or directory" error
|
||||||
|
@ -90,6 +43,27 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
** UnveilCommands
|
||||||
|
UnveilCommands takes a slice of commands & unveils them one by one, it will
|
||||||
|
return an error if unveil fails at any step. "no such file or directory" error
|
||||||
|
is ignored because binaries are not placed in every PATH.
|
||||||
|
|
||||||
|
Default permission is "rx".
|
||||||
|
|
||||||
|
#+BEGIN_SRC go
|
||||||
|
package main
|
||||||
|
|
||||||
|
import "tildegit.org/andinus/lynx"
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
commands := []string{"cd", "ls", "rm"}
|
||||||
|
|
||||||
|
err = lynx.UnveilCommands(commands)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#+END_SRC
|
||||||
** UnveilBlock
|
** UnveilBlock
|
||||||
UnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra.
|
UnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra.
|
||||||
You should use unix.UnveilBlock.
|
You should use unix.UnveilBlock.
|
||||||
|
@ -107,3 +81,62 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
** Unveil / UnveilStrict
|
||||||
|
Unveil takes a path, permission & unveils it, it will return an error if unveil
|
||||||
|
fails at any step. "no such file or directory" error is ignored, if you want to
|
||||||
|
get that error too then use UnveilStrict.
|
||||||
|
|
||||||
|
#+BEGIN_SRC go
|
||||||
|
package main
|
||||||
|
|
||||||
|
import "tildegit.org/andinus/lynx"
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
path := "/dev/null"
|
||||||
|
flags := "rw"
|
||||||
|
|
||||||
|
err = lynx.Unveil(path, flags)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// This will return an error if the path doesn't exist.
|
||||||
|
err = lynx.UnveilStrict(path, flags)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#+END_SRC
|
||||||
|
** Pledge / PledgePromises / PledgeExecpromises
|
||||||
|
These are simple wrappers to unix package functions. They add nothing extra, you
|
||||||
|
could simply change lynx.Pledge to unix.Pledge & it would just work.
|
||||||
|
|
||||||
|
#+BEGIN_SRC go
|
||||||
|
package main
|
||||||
|
|
||||||
|
import "tildegit.org/andinus/lynx"
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
promises := "stdio unveil"
|
||||||
|
execpromises := "stdio"
|
||||||
|
|
||||||
|
err = lynx.Pledge(promises, execpromises)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Drop promises.
|
||||||
|
promises = "stdio"
|
||||||
|
err = lynx.PledgePromises(promises)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Drop execpromises.
|
||||||
|
execpromises = ""
|
||||||
|
err = lynx.PledgeExecpromises(execpromises)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#+END_SRC
|
||||||
|
|
Loading…
Reference in New Issue