intial

LICENSE

@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2020 Aaron Bieber <aaron@bolddaemon.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */

go.mod

@@ -0,0 +1,5 @@
+module suah.dev/protect
+
+go 1.14
+
+require golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3

go.sum

@@ -0,0 +1,2 @@
+golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w=
+golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

protect.go

@@ -0,0 +1,34 @@
+//+build !openbsd
+
+/*
+   Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
+   calls.
+
+   This library is trivial, but I found myself writing it often enough that I
+   figure it should be a package.
+*/
+
+package protect
+
+// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
+// a processes view of the filesystem.
+//
+// The first call to Unveil removes a processes visibility to everything
+// except 'path'. Any subsequent calls expand the view to contain those
+// paths. Finally a call to UnveilBlock will lock the view in place.
+// Preventing access to anything else.
+//
+// On non-OpenBSD machines this call is a noop.
+func Unveil(path string, flags string) {}
+
+// UnveilBlock locks the Unveil'd paths. Preventing further changes to a
+// processes filesystem view.
+//
+// On non-OpenBSD machines this call is a noop.
+func UnveilBlock() {}
+
+// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit
+// the system calls a process can make.
+//
+// On non-OpenBSD machines this call is a noop.
+func Pledge(promises string) {}

protect_openbsd.go

@@ -0,0 +1,44 @@
+//+build openbsd
+
+/*
+   Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system
+   calls.
+
+   This library is trivial, but I found myself writing it often enough that I
+   figure it should be a package.
+*/
+
+package protect
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit
+// a processes view of the filesystem.
+//
+// The first call to Unveil removes a processes visibility to everything
+// except 'path'. Any subsequent calls expand the view to contain those
+// paths. Finally a call to UnveilBlock will lock the view in place.
+// Preventing access to anything else.
+//
+// On non-OpenBSD machines this call is a noop.
+func Unveil(path string, flags string) {
+	unix.Unveil(path, flags)
+}
+
+// UnveilBlock locks the Unveil'd paths. Preventing further changes to a
+// processes filesystem view.
+//
+// On non-OpenBSD machines this call is a noop.
+func UnveilBlock() {
+	unix.UnveilBlock()
+}
+
+// Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit
+// the system calls a process can make.
+//
+// On non-OpenBSD machines this call is a noop.
+func Pledge(promises string) {
+	unix.PledgePromises(promises)
+}