OpenBSD: pledge(2) image

author: June McEnroe <june@causal.agency> 2021-09-26 12:31:03 -0400
committer: June McEnroe <june@causal.agency> 2021-09-26 12:31:21 -0400
commit: c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88 (patch)
tree: 018e84eddcbc520a725ee09ace5232d8e3963b74
parent: OpenBSD: pledge(2) client (diff)
download: torus-c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88.tar.gz
torus-c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88.zip
1 files changed, 16 insertions, 1 deletions
diff --git a/image.c b/image.c
index 80e2567..3abcc2e 100644
--- a/image.c
+++ b/image.c
@@ -204,11 +204,16 @@ static int streamWrite(void *cookie, const char *buf, int len) {
 
 static void worker(void) {
 	struct kfcgi *fcgi;
-	enum kcgi_err error = khttp_fcgi_init(
+	int error = khttp_fcgi_init(
 		&fcgi, Keys, KeysLen, Pages, PagesLen, PageTile
 	);
 	if (error) errkcgi(EX_CONFIG, error, "khttp_fcgi_init");
 
+#ifdef __OpenBSD__
+	error = pledge("stdio recvfd", NULL);
+	if (error) err(EX_OSERR, "pledge");
+#endif
+
 	for (;;) {
 		struct kreq req;
 		error = khttp_fcgi_parse(fcgi, &req);
@@ -276,6 +281,16 @@ int main(int argc, char *argv[]) {
 	fontLoad(fontPath);
 	tilesMap(dataPath);
 
+#ifdef __OpenBSD__
+	if (kcgi) {
+		int error = pledge("stdio unix sendfd recvfd proc", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	} else {
+		int error = pledge("stdio", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	}
+#endif
+
 #ifdef __FreeBSD__
 	int error = cap_enter();
 	if (error) err(EX_OSERR, "cap_enter");
author	June McEnroe <june@causal.agency>	2021-09-26 12:31:03 -0400
committer	June McEnroe <june@causal.agency>	2021-09-26 12:31:21 -0400
commit	c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88 (patch)
tree	018e84eddcbc520a725ee09ace5232d8e3963b74
parent	OpenBSD: pledge(2) client (diff)
download	torus-c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88.tar.gz torus-c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88.zip