deduplicate docs / fix overview
parent
d34a7e252f
commit
408f86d55f
15
protect.go
15
protect.go
@ -1,5 +1,3 @@
|
||||
//+build !openbsd
|
||||
|
||||
/*
|
||||
Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
|
||||
calls.
|
||||
@ -7,7 +5,6 @@
|
||||
This library is trivial, but I found myself writing it often enough that I
|
||||
figure it should be a package.
|
||||
*/
|
||||
|
||||
package protect
|
||||
|
||||
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
|
||||
@ -19,16 +16,22 @@ package protect
|
||||
// Preventing access to anything else.
|
||||
//
|
||||
// On non-OpenBSD machines this call is a noop.
|
||||
func Unveil(path string, flags string) {}
|
||||
func Unveil(path string, flags string) {
|
||||
unveil(path, flags)
|
||||
}
|
||||
|
||||
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a
|
||||
// processes filesystem view.
|
||||
//
|
||||
// On non-OpenBSD machines this call is a noop.
|
||||
func UnveilBlock() error {}
|
||||
func UnveilBlock() error {
|
||||
return unveilBlock()
|
||||
}
|
||||
|
||||
// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit
|
||||
// the system calls a process can make.
|
||||
//
|
||||
// On non-OpenBSD machines this call is a noop.
|
||||
func Pledge(promises string) {}
|
||||
func Pledge(promises string) {
|
||||
pledge(promises)
|
||||
}
|
||||
|
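Review bot: `Unveil` and `Pledge` still return nothing, so a caller cannot tell whether the restriction was actually applied. In the OpenBSD file section the new `unveil` and `pledge` helpers call `unix.Unveil(path, flags)` and `unix.PledgePromises(promises)` and discard their error results. For a sandboxing wrapper, a failed call that goes unnoticed leaves the process running without the confinement it believes it has. Consider propagating the error the way `UnveilBlock` already does, e.g. `func Pledge(promises string) error { return pledge(promises) }` with `return unix.PledgePromises(promises)` in the helper, and the same for `Unveil`. This changes the exported signatures, so existing callers would need updating.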
@ -1,44 +1,19 @@
|
||||
//+build openbsd
|
||||
|
||||
/*
|
||||
Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
|
||||
calls.
|
||||
|
||||
This library is trivial, but I found myself writing it often enough that I
|
||||
figure it should be a package.
|
||||
*/
|
||||
|
||||
package protect
|
||||
|
||||
import (
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
|
||||
// a processes view of the filesystem.
|
||||
//
|
||||
// The first call to Unveil removes a processes visibility to everything
|
||||
// except 'path'. Any subsequent calls expand the view to contain those
|
||||
// paths. Finally a call to UnveilBlock will lock the view in place.
|
||||
// Preventing access to anything else.
|
||||
//
|
||||
// On non-OpenBSD machines this call is a noop.
|
||||
func Unveil(path string, flags string) {
|
||||
func unveil(path string, flags string) {
|
||||
unix.Unveil(path, flags)
|
||||
}
|
||||
|
||||
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a
|
||||
// processes filesystem view.
|
||||
//
|
||||
// On non-OpenBSD machines this call is a noop.
|
||||
func UnveilBlock() error {
|
||||
func unveilBlock() error {
|
||||
return unix.UnveilBlock()
|
||||
}
|
||||
|
||||
// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit
|
||||
// the system calls a process can make.
|
||||
//
|
||||
// On non-OpenBSD machines this call is a noop.
|
||||
func Pledge(promises string) {
|
||||
func pledge(promises string) {
|
||||
unix.PledgePromises(promises)
|
||||
}
|
||||
|
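--- a/protect_stubs.go
+++ b/protect_stubs.go
@@ -0,0 +1,9 @@
+//+build !openbsd
+
+package protect
+
+func unveil(path string, flags string) {}
+
+func unveilBlock() error {}
+
+func pledge(promises string) {}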
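Review bot: `func unveilBlock() error {}` declares a result but has no return statement, so this file will not compile on non-OpenBSD targets (missing return). The stub should be `func unveilBlock() error { return nil }`. A short comment above the three stubs would also help, such as `// No-op implementations for platforms without pledge(2) and unveil(2).`, since the doc comments now live only in protect.go.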