add OpenBSD unveil support
The unveil() system call first appeared in OpenBSD 6.4. For stagit it has the following properties now: - stagit-index: only read-access to the file-system for the specified directories/repositories. - stagit: read-access to the specified directory/repository. read-write and creation access to the current directory for the output files. read-write and creation access to the specified cache file.
| 2 files changed, 10 insertions(+), 0 deletions(-) | |||
|---|---|---|---|
| M | stagit-index.c | +3 | -0 |
| M | stagit.c | +7 | -0 |
1@@ -159,6 +159,9 @@ main(int argc, char *argv[])
2 git_libgit2_init();
3
4 #ifdef __OpenBSD__
5+ for (i = 1; i < argc; i++)
6+ if (unveil(argv[i],
"r") == -1)
7+ err(1,
"unveil: %s", argv[i]);
8 if (pledge("stdio rpath", NULL) ==
-1)
9 err(1,
"pledge");
10 #endif
1@@ -1095,6 +1095,13 @@ main(int argc, char *argv[])
2 git_libgit2_init();
3
4 #ifdef __OpenBSD__
5+ if (unveil(repodir, "r") == -1)
6+ err(1,
"unveil: %s", repodir);
7+ if
(unveil(".", "rwc") == -1)
8+ err(1,
"unveil: .");
9+ if (cachefile
&& unveil(cachefile, "rwc") == -1)
10+ err(1,
"unveil: %s", cachefile);
11+
12 if (cachefile) {
13 if
(pledge("stdio rpath wpath cpath fattr", NULL) == -1)
14 err(1,
"pledge");