deduplicate docs / fix overview

Aaron Bieber 2020-05-08 07:55:32 -06:00
parent d34a7e252f
commit 408f86d55f
3 changed files with 25 additions and 38 deletions


@ -1,13 +1,10 @@
//+build !openbsd
/* /*
Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
calls. calls.
This library is trivial, but I found myself writing it often enough that I This library is trivial, but I found myself writing it often enough that I
figure it should be a package. figure it should be a package.
*/ */
package protect package protect
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit // Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
@ -19,16 +16,22 @@ package protect
// Preventing access to anything else. // Preventing access to anything else.
// //
// On non-OpenBSD machines this call is a noop. // On non-OpenBSD machines this call is a noop.
func Unveil(path string, flags string) {} func Unveil(path string, flags string) {
unveil(path, flags)
}
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a // UnveilBlock locks the Unveil'd paths. Preventing further changes to a
// processes filesystem view. // processes filesystem view.
// //
// On non-OpenBSD machines this call is a noop. // On non-OpenBSD machines this call is a noop.
func UnveilBlock() error {} func UnveilBlock() error {
return unveilBlock()
}
// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit // Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit
// the system calls a process can make. // the system calls a process can make.
// //
// On non-OpenBSD machines this call is a noop. // On non-OpenBSD machines this call is a noop.
func Pledge(promises string) {} func Pledge(promises string) {
pledge(promises)
}
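Review bot: Unveil and Pledge return nothing, so a failed unveil(2) or pledge(2) is invisible to the caller and the process keeps running without the restriction it asked for. In the OpenBSD file the new helpers `unveil` and `pledge` call `unix.Unveil(path, flags)` and `unix.PledgePromises(promises)` as bare statements and discard their error results; only UnveilBlock passes one back. Have the helpers return the error and surface it here, e.g. `func Pledge(promises string) error { return pledge(promises) }`, with the non-OpenBSD stubs returning nil. That changes the exported signatures, so the doc comments should state that callers are expected to treat a non-nil error as fatal.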


@ -1,44 +1,19 @@
//+build openbsd //+build openbsd
/*
Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
calls.
This library is trivial, but I found myself writing it often enough that I
figure it should be a package.
*/
package protect package protect
import ( import (
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit func unveil(path string, flags string) {
// a processes view of the filesystem.
//
// The first call to Unveil removes a processes visibility to everything
// except 'path'. Any subsequent calls expand the view to contain those
// paths. Finally a call to UnveilBlock will lock the view in place.
// Preventing access to anything else.
//
// On non-OpenBSD machines this call is a noop.
func Unveil(path string, flags string) {
unix.Unveil(path, flags) unix.Unveil(path, flags)
} }
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a func unveilBlock() error {
// processes filesystem view.
//
// On non-OpenBSD machines this call is a noop.
func UnveilBlock() error {
return unix.UnveilBlock() return unix.UnveilBlock()
} }
// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit func pledge(promises string) {
// the system calls a process can make.
//
// On non-OpenBSD machines this call is a noop.
func Pledge(promises string) {
unix.PledgePromises(promises) unix.PledgePromises(promises)
} }

9
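--- a/protect_stubs.go
+++ b/protect_stubs.go
@@ -0,0 +1,9 @@
+//+build !openbsd
+package protect
+func unveil(path string, flags string) {}
+func unveilBlock() error {}
+func pledge(promises string) {}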
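Review bot: `func unveilBlock() error {}` declares a result but has no return statement, so this file fails to compile with "missing return" and the package cannot be built on any non-OpenBSD target. Change it to `func unveilBlock() error { return nil }`. Since these stubs are the path where no sandboxing is applied at all, a short comment above them such as `// No-op stubs: pledge(2) and unveil(2) are unavailable on this platform, so nothing is restricted.` would make that explicit to readers of this file.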