summary refs log tree commit diff
diff options
context:
space:
mode:
authorKlemens Nanni <klemens@posteo.de>2021-06-29 00:03:00 +0000
committerJune McEnroe <june@causal.agency>2021-07-13 15:16:22 -0400
commit5bfba6df528d2d57daac93708b0dca6360711a80 (patch)
tree076a294571970b487a5e0a60c8ed770d50b1ded2
parentOpenBSD: unveil logs regardless of restrict mode (diff)
downloadcatgirl-5bfba6df528d2d57daac93708b0dca6360711a80.tar.gz
catgirl-5bfba6df528d2d57daac93708b0dca6360711a80.zip
OpenBSD: merge unveil and pledge logic a bit
This reads somewhat clearer as code is grouped by features instead of
security mechanisms by simply merging identical tests/conditions.

No functional change.
-rw-r--r--chat.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/chat.c b/chat.c
index 0bdb69c..ab0678a 100644
--- a/chat.c
+++ b/chat.c
@@ -282,24 +282,23 @@ int main(int argc, char *argv[]) {
 	}
 
 #ifdef __OpenBSD__
+	char promises[64] = "stdio tty";
+	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
+
 	if (log) {
 		const char *logdir = dataMkdir("log");
 		int error = unveil(logdir, "wc");
 		if (error) err(EX_OSERR, "unveil");
+		ptr = seprintf(ptr, end, " wpath cpath");
 	}
 
 	if (!self.restricted) {
 		int error = unveil("/", "x");
 		if (error) err(EX_OSERR, "unveil");
+		ptr = seprintf(ptr, end, " proc exec");
 	}
 
-	char promises[64] = "stdio tty";
-	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
-	if (log) ptr = seprintf(ptr, end, " wpath cpath");
-	if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
-
 	char *promisesInitial = ptr;
-
 	ptr = seprintf(ptr, end, " inet dns");
 	int error = pledge(promises, NULL);
 	if (error) err(EX_OSERR, "pledge");