author | Hiltjo Posthuma <[email protected]> | 2019-12-01 18:31:07 +0100 |
---|---|---|
committer | Hiltjo Posthuma <[email protected]> | 2019-12-01 18:31:07 +0100 |
commit | edee68f398f5b190f4be0127338956c0a2500662 (patch) | |
tree | 94788cd2df391b83cc7782a89d690302bd5216f0 /stagit.c | |
parent | b5607f75afb9c6e6e6ab49128f9760d3538809cd (diff) | |

add OpenBSD unveil support

The unveil() system call first appeared in OpenBSD 6.4.

For stagit it has the following properties now:

- stagit-index: only read-access to the file-system for the specified
  directories/repositories.
- stagit: read-access to the specified directory/repository.
  read-write and creation access to the current directory for the output files.
  read-write and creation access to the specified cache file.

Diffstat (limited to 'stagit.c')
-rw-r--r-- | stagit.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -1095,6 +1095,13 @@ main(int argc, char *argv[]) git_libgit2_init(); #ifdef __OpenBSD__ + if (unveil(repodir, "r") == -1) + err(1, "unveil: %s", repodir); + if (unveil(".", "rwc") == -1) + err(1, "unveil: ."); + if (cachefile && unveil(cachefile, "rwc") == -1) + err(1, "unveil: %s", cachefile); + if (cachefile) { if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) err(1, "pledge"); |
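
Review bot: The case where repodir is the current directory is not handled. The calls `unveil(repodir, "r")` and `unveil(".", "rwc")` then name the same directory with conflicting permissions, so either the repository ends up writable or the output files cannot be created, depending on which grant wins. Consider comparing the resolved paths and failing early with a clear message, or at least noting in the man page that stagit must be run from an output directory separate from the repository. A short comment above the block would also help: the pledge() promise string visible here ("stdio rpath wpath cpath fattr") does not include "unveil", which is what freezes the unveil list in this branch, and that ordering dependency (all unveil() calls before pledge()) is easy to break in a later change if it stays implicit.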