diff options
author | Klemens Nanni <klemens@posteo.de> | 2021-06-29 00:03:00 +0000 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2021-07-04 19:46:01 -0400 |
commit | 577ed33bb63e2150350ff93b028c472d45ee6e58 (patch) | |
tree | 12b7f5c372d00812fee784723cf943620716f79b | |
parent | OpenBSD: unveil logs regardless of restrict mode (diff) | |
download | catgirl-577ed33bb63e2150350ff93b028c472d45ee6e58.tar.gz catgirl-577ed33bb63e2150350ff93b028c472d45ee6e58.zip |
OpenBSD: merge unveil and pledge logic a bit
This reads somewhat clearer as code is grouped by features instead of security mechanisms by simply merging identical tests/conditions. No functional change.
-rw-r--r-- | chat.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/chat.c b/chat.c index 0bdb69c..ab0678a 100644 --- a/chat.c +++ b/chat.c @@ -282,24 +282,23 @@ int main(int argc, char *argv[]) { } #ifdef __OpenBSD__ + char promises[64] = "stdio tty"; + char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)]; + if (log) { const char *logdir = dataMkdir("log"); int error = unveil(logdir, "wc"); if (error) err(EX_OSERR, "unveil"); + ptr = seprintf(ptr, end, " wpath cpath"); } if (!self.restricted) { int error = unveil("/", "x"); if (error) err(EX_OSERR, "unveil"); + ptr = seprintf(ptr, end, " proc exec"); } - char promises[64] = "stdio tty"; - char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)]; - if (log) ptr = seprintf(ptr, end, " wpath cpath"); - if (!self.restricted) ptr = seprintf(ptr, end, " proc exec"); - char *promisesInitial = ptr; - ptr = seprintf(ptr, end, " inet dns"); int error = pledge(promises, NULL); if (error) err(EX_OSERR, "pledge"); |