Add UnveilSet
This commit is contained in:
parent
c48b0e8fcf
commit
3679c9b4de
2
go.mod
2
go.mod
@ -2,4 +2,4 @@ module suah.dev/protect
|
||||
|
||||
go 1.14
|
||||
|
||||
require golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3
|
||||
require golang.org/x/sys v0.0.0-20210917161153-d61c044b1678
|
||||
|
4
go.sum
4
go.sum
@ -1,2 +1,2 @@
|
||||
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w=
|
||||
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 h1:J27LZFQBFoihqXoegpscI10HpjZ7B5WQLLKL2FZXQKw=
|
||||
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
|
17
protect.go
17
protect.go
@ -25,6 +25,23 @@ func Unveil(path string, flags string) error {
|
||||
return unveil(path, flags)
|
||||
}
|
||||
|
||||
// UnveilSet takes a set of Unveils and runs them all, returning the first
|
||||
// error encountered. Optionally call UnveilBlock at the end.
|
||||
func UnveilSet(set map[string]string, block bool) error {
|
||||
for p, s := range set {
|
||||
err := Unveil(p, s)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if block {
|
||||
return UnveilBlock()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a
|
||||
// processes filesystem view.
|
||||
//
|
||||
|
29
protect_test.go
Normal file
29
protect_test.go
Normal file
@ -0,0 +1,29 @@
|
||||
package protect
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestReduce(t *testing.T) {
|
||||
expected := "stdio unix rpath cpath"
|
||||
a := "stdio tty unix unveil rpath cpath wpath"
|
||||
b := "unveil tty wpath"
|
||||
|
||||
n, err := reduce(a, b)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
||||
if n != expected {
|
||||
t.Errorf("reduce: expected %q got %q\n", expected, n)
|
||||
}
|
||||
|
||||
c, err := reduce(n, "rpath cpath")
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
||||
if c != "stdio unix" {
|
||||
t.Errorf("reduce: expected %q got %q\n", "stdio unix", c)
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user