diff options
Diffstat (limited to 'vendor/golang.org/x/sys/unix/openbsd_pledge.go')
-rw-r--r-- | vendor/golang.org/x/sys/unix/openbsd_pledge.go | 99 |
1 files changed, 85 insertions, 14 deletions
diff --git a/vendor/golang.org/x/sys/unix/openbsd_pledge.go b/vendor/golang.org/x/sys/unix/openbsd_pledge.go index 11388e5..230a36d 100644 --- a/vendor/golang.org/x/sys/unix/openbsd_pledge.go +++ b/vendor/golang.org/x/sys/unix/openbsd_pledge.go @@ -15,10 +15,6 @@ import ( "unsafe" ) -const ( - _SYS_PLEDGE = 108 -) - // Pledge implements the pledge syscall. // // The pledge syscall does not accept execpromises on OpenBSD releases @@ -34,15 +30,9 @@ func Pledge(promises, execpromises string) error { return err } - // If OpenBSD <= 5.9, pledge is not available. - if (maj == 5 && min != 9) || maj < 5 { - return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min) - } - - // If OpenBSD <= 6.2 and execpromises is not empty - // return an error - execpromises is not available before 6.3 - if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" { - return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min) + err = pledgeAvailable(maj, min, execpromises) + if err != nil { + return err } pptr, err := syscall.BytePtrFromString(promises) @@ -63,7 +53,71 @@ func Pledge(promises, execpromises string) error { expr = unsafe.Pointer(exptr) } - _, _, e := syscall.Syscall(_SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) + _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) + if e != 0 { + return e + } + + return nil +} + +// PledgePromises implements the pledge syscall. +// +// This changes the promises and leaves the execpromises untouched. +// +// For more information see pledge(2). +func PledgePromises(promises string) error { + maj, min, err := majmin() + if err != nil { + return err + } + + err = pledgeAvailable(maj, min, "") + if err != nil { + return err + } + + // This variable holds the execpromises and is always nil. + var expr unsafe.Pointer + + pptr, err := syscall.BytePtrFromString(promises) + if err != nil { + return err + } + + _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) + if e != 0 { + return e + } + + return nil +} + +// PledgeExecpromises implements the pledge syscall. +// +// This changes the execpromises and leaves the promises untouched. +// +// For more information see pledge(2). +func PledgeExecpromises(execpromises string) error { + maj, min, err := majmin() + if err != nil { + return err + } + + err = pledgeAvailable(maj, min, execpromises) + if err != nil { + return err + } + + // This variable holds the promises and is always nil. + var pptr unsafe.Pointer + + exptr, err := syscall.BytePtrFromString(execpromises) + if err != nil { + return err + } + + _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0) if e != 0 { return e } @@ -93,3 +147,20 @@ func majmin() (major int, minor int, err error) { return } + +// pledgeAvailable checks for availability of the pledge(2) syscall +// based on the running OpenBSD version. +func pledgeAvailable(maj, min int, execpromises string) error { + // If OpenBSD <= 5.9, pledge is not available. + if (maj == 5 && min != 9) || maj < 5 { + return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min) + } + + // If OpenBSD <= 6.2 and execpromises is not empty, + // return an error - execpromises is not available before 6.3 + if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" { + return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min) + } + + return nil +} |