deduplicate docs / fix overview

This commit is contained in:
Aaron Bieber 2020-05-08 07:55:32 -06:00
parent d34a7e252f
commit 408f86d55f
3 changed files with 25 additions and 38 deletions

View File

@ -1,5 +1,3 @@
//+build !openbsd
/*
Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
calls.
@ -7,7 +5,6 @@
This library is trivial, but I found myself writing it often enough that I
figure it should be a package.
*/
package protect
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
@ -19,16 +16,22 @@ package protect
// Preventing access to anything else.
//
// On non-OpenBSD machines this call is a noop.
func Unveil(path string, flags string) {}
func Unveil(path string, flags string) {
unveil(path, flags)
}
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a
// processes filesystem view.
//
// On non-OpenBSD machines this call is a noop.
func UnveilBlock() error {}
func UnveilBlock() error {
return unveilBlock()
}
// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit
// the system calls a process can make.
//
// On non-OpenBSD machines this call is a noop.
func Pledge(promises string) {}
func Pledge(promises string) {
pledge(promises)
}

View File

@ -1,44 +1,19 @@
//+build openbsd
/*
Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
calls.
This library is trivial, but I found myself writing it often enough that I
figure it should be a package.
*/
package protect
import (
"golang.org/x/sys/unix"
)
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
// a processes view of the filesystem.
//
// The first call to Unveil removes a processes visibility to everything
// except 'path'. Any subsequent calls expand the view to contain those
// paths. Finally a call to UnveilBlock will lock the view in place.
// Preventing access to anything else.
//
// On non-OpenBSD machines this call is a noop.
func Unveil(path string, flags string) {
func unveil(path string, flags string) {
unix.Unveil(path, flags)
}
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a
// processes filesystem view.
//
// On non-OpenBSD machines this call is a noop.
func UnveilBlock() error {
func unveilBlock() error {
return unix.UnveilBlock()
}
// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit
// the system calls a process can make.
//
// On non-OpenBSD machines this call is a noop.
func Pledge(promises string) {
func pledge(promises string) {
unix.PledgePromises(promises)
}

9
protect_stubs.go Normal file
View File

@ -0,0 +1,9 @@
//+build !openbsd
package protect
func unveil(path string, flags string) {}
func unveilBlock() error {}
func pledge(promises string) {}