Add UnveilSet

Aaron Bieber 2021-09-21 16:30:41 -06:00
parent c48b0e8fcf
commit 3679c9b4de
4 changed files with 49 additions and 3 deletions

2
go.mod

@ -2,4 +2,4 @@ module suah.dev/protect
go 1.14 go 1.14
require golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 require golang.org/x/sys v0.0.0-20210917161153-d61c044b1678

4
go.sum

@ -1,2 +1,2 @@
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w= golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 h1:J27LZFQBFoihqXoegpscI10HpjZ7B5WQLLKL2FZXQKw=
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=


@ -25,6 +25,23 @@ func Unveil(path string, flags string) error {
return unveil(path, flags) return unveil(path, flags)
} }
// UnveilSet takes a set of Unveils and runs them all, returning the first
// error encountered. Optionally call UnveilBlock at the end.
func UnveilSet(set map[string]string, block bool) error {
for p, s := range set {
err := Unveil(p, s)
if err != nil {
return err
}
}
if block {
return UnveilBlock()
}
return nil
}
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a // UnveilBlock locks the Unveil'd paths. Preventing further changes to a
// processes filesystem view. // processes filesystem view.
// //
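Review bot: UnveilSet ranges over a Go map, whose iteration order is unspecified, so the order of the Unveil calls and which failure counts as "the first error encountered" can differ from run to run. When one call fails, an unpredictable subset of the set has already been unveiled, the returned error does not name the path, and the `block` branch is skipped, so the filesystem view is left partly configured and not locked. I would wrap the error, `return fmt.Errorf("unveil %q (%q): %w", p, s, err)` (this needs `fmt`; the file's import block is outside the hunk), and extend the doc comment with something like `// On error the set may be partially applied and UnveilBlock is not called; treat a non-nil return as fatal.`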

29
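--- a/protect_test.go
+++ b/protect_test.go
@@ -0,0 +1,29 @@
+package protect
+import (
+"testing"
+)
+func TestReduce(t *testing.T) {
+expected := "stdio unix rpath cpath"
+a := "stdio tty unix unveil rpath cpath wpath"
+b := "unveil tty wpath"
+n, err := reduce(a, b)
+if err != nil {
+t.Error(err)
+}
+if n != expected {
+t.Errorf("reduce: expected %q got %q\n", expected, n)
+}
+c, err := reduce(n, "rpath cpath")
+if err != nil {
+t.Error(err)
+}
+if c != "stdio unix" {
+t.Errorf("reduce: expected %q got %q\n", "stdio unix", c)
+}
+}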
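Review bot: Nothing in this new file exercises UnveilSet, the function the commit adds; TestReduce only covers reduce, which is defined outside the visible hunks. A minimal case such as `if err := UnveilSet(map[string]string{}, false); err != nil { t.Fatal(err) }` would pin the empty-set path, which never reaches Unveil or UnveilBlock. In TestReduce itself, `t.Error(err)` lets the test go on to compare `n` after a failed call; `t.Fatal(err)` would stop at the real cause.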