diff options
author | June McEnroe <june@causal.agency> | 2021-09-26 12:31:03 -0400 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2021-09-26 12:31:21 -0400 |
commit | c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88 (patch) | |
tree | 018e84eddcbc520a725ee09ace5232d8e3963b74 | |
parent | OpenBSD: pledge(2) client (diff) | |
download | torus-c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88.tar.gz torus-c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88.zip |
OpenBSD: pledge(2) image
Diffstat (limited to '')
-rw-r--r-- | image.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/image.c b/image.c index 80e2567..3abcc2e 100644 --- a/image.c +++ b/image.c @@ -204,11 +204,16 @@ static int streamWrite(void *cookie, const char *buf, int len) { static void worker(void) { struct kfcgi *fcgi; - enum kcgi_err error = khttp_fcgi_init( + int error = khttp_fcgi_init( &fcgi, Keys, KeysLen, Pages, PagesLen, PageTile ); if (error) errkcgi(EX_CONFIG, error, "khttp_fcgi_init"); +#ifdef __OpenBSD__ + error = pledge("stdio recvfd", NULL); + if (error) err(EX_OSERR, "pledge"); +#endif + for (;;) { struct kreq req; error = khttp_fcgi_parse(fcgi, &req); @@ -276,6 +281,16 @@ int main(int argc, char *argv[]) { fontLoad(fontPath); tilesMap(dataPath); +#ifdef __OpenBSD__ + if (kcgi) { + int error = pledge("stdio unix sendfd recvfd proc", NULL); + if (error) err(EX_OSERR, "pledge"); + } else { + int error = pledge("stdio", NULL); + if (error) err(EX_OSERR, "pledge"); + } +#endif + #ifdef __FreeBSD__ int error = cap_enter(); if (error) err(EX_OSERR, "cap_enter"); |