Add unveil functions

2020-04-25 17:26:10 +05:30 · 2020-04-25 17:26:10 +05:30 · 5fb5e4f21f
parent e9e268d945
commit 5fb5e4f21f
3 changed files with 46 additions and 0 deletions
--- a/go.mod
+++ b/go.mod
@ -1,3 +1,5 @@
 module tildegit.org/andinus/pavo

 go 1.13
+
+require tildegit.org/andinus/lynx v0.4.0
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,4 @@
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+tildegit.org/andinus/lynx v0.4.0 h1:bAxZLOdWy66+qJ3bDWjkbmJfCWTIOZ8hMGzYt7T7Bxk=
+tildegit.org/andinus/lynx v0.4.0/go.mod h1:/PCNkKwfJ7pb6ziHa76a4gYp1R9S1Ro4ANjQwzSpBIk=
--- a/unveil.go
+++ b/unveil.go
@ -0,0 +1,40 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"tildegit.org/andinus/lynx"
+)
+
+// blockUnveil func blocks further unveil calls.
+func blockUnveil() {
+	err := lynx.UnveilBlock()
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"UnveilBlock() failed",
+			err.Error())
+		os.Exit(1)
+	}
+
+	// We drop unveil from promises after blocking it. We drop
+	// rpath too because the config file has been read.
+	err = lynx.PledgePromises("stdio exec")
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"blockUnveil failed",
+			err.Error())
+		os.Exit(1)
+	}
+}
+
+// initUnveil initializes unveil for inital use.
+func initUnveil() {
+	err := lynx.Unveil(configFile, "rc")
+	if err != nil {
+		fmt.Printf("%s :: %s",
+			"Unveil configFile failed",
+			err.Error())
+		os.Exit(1)
+	}
+}