protect

package module
Version: v1.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 8, 2021 License: ISC Imports: 2 Imported by: 7

README

protect

Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system calls.

It allows one to safely call Unveil / Pledge on non-OpenBSD operating systems.

Documentation

Overview

Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system calls.

This library is trivial, but I found myself writing it often enough that I figure it should be a package.

Functions

func Pledge

func Pledge(promises string) error

Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit the system calls a process can make.

On non-OpenBSD machines this call is a noop.

func ReducePledges

func ReducePledges(current, toRemove string) (string, error)

ReducePledges takes the current list of pledges and a list of pledges that should be removed. The new list is returned and Pledge() will be called with the reduced set of pledges.
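
The promise-string reduction described for ReducePledges, as an added example that is not the package's own code: `reducePromises` is a hypothetical helper, and its rejection of a promise that is not in the current set is an assumption made here so that a typo cannot silently leave a promise in place. It only computes the reduced string and does not call pledge(2).

```go
package main

import (
	"fmt"
	"strings"
)

// reducePromises is a hypothetical stand-in for the string handling described
// for ReducePledges: it returns current minus toRemove, preserving order.
// Assumption (not taken from the package): asking to remove a promise that is
// not currently held is an error, so a typo cannot silently leave it in place.
func reducePromises(current, toRemove string) (string, error) {
	drop := make(map[string]bool)
	for _, p := range strings.Fields(toRemove) {
		drop[p] = false // false = not yet matched against current
	}
	var kept []string
	seen := make(map[string]bool)
	for _, p := range strings.Fields(current) {
		if _, ok := drop[p]; ok {
			drop[p] = true // matched: leave it out of the result
			continue
		}
		if !seen[p] { // collapse duplicates in the current list
			seen[p] = true
			kept = append(kept, p)
		}
	}
	for p, matched := range drop {
		if !matched {
			return "", fmt.Errorf("promise %q is not in the current set", p)
		}
	}
	return strings.Join(kept, " "), nil
}

func main() {
	// Constructed sample: a daemon that no longer needs to unveil paths or
	// create files once start-up is finished.
	current := "stdio rpath wpath cpath inet unveil"
	next, err := reducePromises(current, "unveil cpath")
	fmt.Println(next, err)

	// A misspelled promise is reported instead of being ignored.
	_, err = reducePromises(next, "rpaht")
	fmt.Println(err)
}
```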

func Unveil

func Unveil(path string, flags string) error

Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit a process's view of the filesystem.

The first call to Unveil removes a process's visibility of everything except 'path'. Any subsequent calls expand the view to contain those paths. Finally, a call to UnveilBlock locks the view in place, preventing access to anything else.

On non-OpenBSD machines this call is a noop.

func UnveilBlock

func UnveilBlock() error

UnveilBlock locks the Unveil'd paths, preventing further changes to a process's filesystem view.

On non-OpenBSD machines this call is a noop.
