andinus/lynx
andinus
/
lynx
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Lynx is a simple unveil wrapper https://andinus.nand.sh/lynx
8 Commits 1 Branch 4 Tags 42 KiB
Go 100%
Go to file
Andinus d3948a4c1b
Add example for UnveilPath / UnveilPathStrict in readme 		2020-04-15 00:35:05 +05:30
LICENSE Initial Commit 2020-04-06 12:36:14 +05:30
README.org Add example for UnveilPath / UnveilPathStrict in readme 2020-04-15 00:35:05 +05:30
block.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30
block_other.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30
commands.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30
commands_other.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30
go.mod Initial Commit 2020-04-06 12:36:14 +05:30
go.sum Initial Commit 2020-04-06 12:36:14 +05:30
path.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30
path_other.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30
paths.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30
paths_other.go Compile for non OpenBSD systems 2020-04-15 00:24:55 +05:30

README.org

Lynx

Lynx is a simple unveil wrapper. It returns nil on unsupported systems, currently only OpenBSD supports unveil.

Project Home Lynx
Source Code Andinus / Lynx
GitHub (Mirror) Lynx - GitHub

Examples

UnveilCommands

UnveilCommands takes a slice of commands & unveils them one by one, it will return an error if unveil fails at any step. "no such file or directory" error is ignored because binaries are not placed in every PATH.

Default permission is "rx".

package main

import "tildegit.org/andinus/lynx"

func main() {
	commands := []string{"cd", "ls", "rm"}

	err = lynx.UnveilCommands(commands)
	if err != nil {
		log.Fatal(err)
	}
}

UnveilPaths / UnveilPathsStrict

UnveilPaths takes a map of path, permission & unveils them one by one, it will return an error if unveil fails at any step. "no such file or directory" error is ignored, if you want to get that error too then use UnveilPathsStrict.

package main

import "tildegit.org/andinus/lynx"

func main() {
	paths := make(map[string]string)

	paths["/home"] = "r"
	paths["/dev/null"] = "rw"
	paths["/etc/examples"] = "rwc"
	paths["/root"] = "rwcx"

	err = lynx.UnveilPaths(paths)
	if err != nil {
		log.Fatal(err)
	}

	// This will return an error if the path doesn't exist.
	err = lynx.UnveilPathsStrict(paths)
	if err != nil {
		log.Fatal(err)
	}
}

UnveilPath / UnveilPathStrict

UnveilPath takes a path, permission & unveils it, it will return an error if unveil fails at any step. "no such file or directory" error is ignored, if you want to get that error too then use UnveilPathStrict.

package main

import "tildegit.org/andinus/lynx"

func main() {
	path := "/dev/null"
	flags := "rw"

	err = lynx.UnveilPath(path)
	if err != nil {
		log.Fatal(err)
	}

	// This will return an error if the path doesn't exist.
	err = lynx.UnveilPathStrict(path)
	if err != nil {
		log.Fatal(err)
	}
}

UnveilBlock

UnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra. You should use unix.UnveilBlock.

package main

import "tildegit.org/andinus/lynx"

func main() {
	// Block further unveil calls.
	err = lynx.UnveilBlock()
	if err != nil {
		log.Fatal(err)
	}
}