Add ReducePledges for easier reduction of pledges
This commit is contained in:
parent
38a2541667
commit
c48b0e8fcf
35
protect.go
35
protect.go
@ -7,6 +7,11 @@ figure it should be a package.
|
|||||||
*/
|
*/
|
||||||
package protect
|
package protect
|
||||||
|
|
||||||
|
import (
|
||||||
|
"regexp"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
|
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
|
||||||
// a processes view of the filesystem.
|
// a processes view of the filesystem.
|
||||||
//
|
//
|
||||||
@ -35,3 +40,33 @@ func UnveilBlock() error {
|
|||||||
func Pledge(promises string) error {
|
func Pledge(promises string) error {
|
||||||
return pledge(promises)
|
return pledge(promises)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ReducePledges takes the current list of plpedges and a list of pledges that
|
||||||
|
// should be removed. The new list is returned and Pledge() will be called
|
||||||
|
// with the reduced set of pledges.
|
||||||
|
func ReducePledges(current, toRemove string) (string, error) {
|
||||||
|
newPledges, err := reduce(current, toRemove)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return newPledges, pledge(newPledges)
|
||||||
|
}
|
||||||
|
|
||||||
|
func reduce(a, b string) (string, error) {
|
||||||
|
var newList []string
|
||||||
|
currentList := strings.Split(a, " ")
|
||||||
|
|
||||||
|
for _, s := range currentList {
|
||||||
|
match, err := regexp.MatchString(s, b)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !match {
|
||||||
|
newList = append(newList, s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return strings.Join(newList, " "), nil
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user