Andinus 66b19e6e7e | ||
---|---|---|
LICENSE | ||
README.org | ||
block.go | ||
block_other.go | ||
commands.go | ||
commands_other.go | ||
go.mod | ||
go.sum | ||
paths.go | ||
paths_other.go | ||
pledge.go | ||
pledge_other.go | ||
unveil.go | ||
unveil_other.go |
README.org
Lynx
Lynx is a simple unveil & pledge wrapper. It returns nil on unsupported systems, currently only OpenBSD is supported.
Project Home | Lynx |
Source Code | Andinus / Lynx |
GitHub (Mirror) | Lynx - GitHub |
Examples
Unveil / UnveilStrict
Unveil takes a path, permission & unveils it, it will return an error if unveil fails at any step. "no such file or directory" error is ignored, if you want to get that error too then use UnveilStrict.
package main
import "tildegit.org/andinus/lynx"
func main() {
path := "/dev/null"
flags := "rw"
err = lynx.Unveil(path, flags)
if err != nil {
log.Fatal(err)
}
// This will return an error if the path doesn't exist.
err = lynx.UnveilStrict(path, flags)
if err != nil {
log.Fatal(err)
}
}
UnveilCommands
UnveilCommands takes a slice of commands & unveils them one by one, it will return an error if unveil fails at any step. "no such file or directory" error is ignored because binaries are not placed in every PATH.
Default permission is "rx".
package main
import "tildegit.org/andinus/lynx"
func main() {
commands := []string{"cd", "ls", "rm"}
err = lynx.UnveilCommands(commands)
if err != nil {
log.Fatal(err)
}
}
UnveilPaths / UnveilPathsStrict
UnveilPaths takes a map of path, permission & unveils them one by one, it will return an error if unveil fails at any step. "no such file or directory" error is ignored, if you want to get that error too then use UnveilPathsStrict.
package main
import "tildegit.org/andinus/lynx"
func main() {
paths := make(map[string]string)
paths["/home"] = "r"
paths["/dev/null"] = "rw"
paths["/etc/examples"] = "rwc"
paths["/root"] = "rwcx"
err = lynx.UnveilPaths(paths)
if err != nil {
log.Fatal(err)
}
// This will return an error if the path doesn't exist.
err = lynx.UnveilPathsStrict(paths)
if err != nil {
log.Fatal(err)
}
}
UnveilBlock
UnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra. You should use unix.UnveilBlock.
package main
import "tildegit.org/andinus/lynx"
func main() {
// Block further unveil calls.
err = lynx.UnveilBlock()
if err != nil {
log.Fatal(err)
}
}