diff options
-rw-r--r-- | daemon.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/daemon.c b/daemon.c index 785504f..03955bd 100644 --- a/daemon.c +++ b/daemon.c @@ -19,6 +19,7 @@ #include <fcntl.h> #include <fnmatch.h> #include <grp.h> +#include <paths.h> #include <poll.h> #include <pwd.h> #include <signal.h> @@ -189,7 +190,9 @@ static void setTitle(void) { } int main(int argc, char *argv[]) { + int error; setprogname(argv[0]); + openlog(getprogname(), LOG_NDELAY | LOG_PID | LOG_PERROR, LOG_DAEMON); bool daemonize = true; setAdd(&stopExits, EX_USAGE); @@ -220,8 +223,28 @@ int main(int argc, char *argv[]) { break; default: return EX_USAGE; } } + +#ifdef __OpenBSD__ + if (pidPath) { + error = unveil(pidPath, "cw"); + if (error) err(EX_OSERR, "unveil"); + } + error = unveil(fifoPath, "crw") + || unveil(configPath, "r") + || unveil("/", "r") + || unveil("/dev/null", "rw") + || unveil(serviceDir, "r") + || unveil(_PATH_BSHELL, "x") + || unveil(NULL, NULL); + if (error) err(EX_OSERR, "unveil"); + + error = pledge( + "stdio cpath dpath rpath wpath flock getpw proc exec id", NULL + ); + if (error) err(EX_OSERR, "pledge"); +#endif - int error = access(serviceDir, X_OK); + error = access(serviceDir, X_OK); if (error) err(EX_NOINPUT, "%s", serviceDir); errno = 0; |