summary refs log tree commit diff
path: root/daemon.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-08-17 16:38:22 -0400
committerJune McEnroe <june@causal.agency>2020-08-17 16:38:22 -0400
commit296e40887bea88959cf496221ec8a9e0a665b726 (patch)
treebdfd2723ce3e5dc0abc0fbae8fd467d0ec69c3e8 /daemon.c
parentUse a separate fd for the fake fifo writer (diff)
downloadcatsit-296e40887bea88959cf496221ec8a9e0a665b726.tar.gz
catsit-296e40887bea88959cf496221ec8a9e0a665b726.zip
Use pledge(2) and unveil(2) on OpenBSD
Diffstat (limited to '')
-rw-r--r--daemon.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/daemon.c b/daemon.c
index 785504f..03955bd 100644
--- a/daemon.c
+++ b/daemon.c
@@ -19,6 +19,7 @@
 #include <fcntl.h>
 #include <fnmatch.h>
 #include <grp.h>
+#include <paths.h>
 #include <poll.h>
 #include <pwd.h>
 #include <signal.h>
@@ -189,7 +190,9 @@ static void setTitle(void) {
 }
 
 int main(int argc, char *argv[]) {
+	int error;
 	setprogname(argv[0]);
+	openlog(getprogname(), LOG_NDELAY | LOG_PID | LOG_PERROR, LOG_DAEMON);
 
 	bool daemonize = true;
 	setAdd(&stopExits, EX_USAGE);
@@ -220,8 +223,28 @@ int main(int argc, char *argv[]) {
 			break; default:  return EX_USAGE;
 		}
 	}
+
+#ifdef __OpenBSD__
+	if (pidPath) {
+		error = unveil(pidPath, "cw");
+		if (error) err(EX_OSERR, "unveil");
+	}
+	error = unveil(fifoPath, "crw")
+		|| unveil(configPath, "r")
+		|| unveil("/", "r")
+		|| unveil("/dev/null", "rw")
+		|| unveil(serviceDir, "r")
+		|| unveil(_PATH_BSHELL, "x")
+		|| unveil(NULL, NULL);
+	if (error) err(EX_OSERR, "unveil");
+
+	error = pledge(
+		"stdio cpath dpath rpath wpath flock getpw proc exec id", NULL
+	);
+	if (error) err(EX_OSERR, "pledge");
+#endif
 	
-	int error = access(serviceDir, X_OK);
+	error = access(serviceDir, X_OK);
 	if (error) err(EX_NOINPUT, "%s", serviceDir);
 
 	errno = 0;