README

protect

Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system calls.

It allows one to safely call Unveil / Pledge on non-OpenBSD operating systems.

Documentation

Overview

    Package protect is a wrapper for OpenBSD's pledge(2) and unveil(2) system calls.

    This library is trivial, but I found myself writing it often enough that I figure it should be a package.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func Pledge

    func Pledge(promises string) error

      Pledge wraps OpenBSD's pledge(2) system call. One can use this to limit the system calls a process can make.

      On non-OpenBSD machines this call is a noop.

      func Unveil

      func Unveil(path string, flags string) error

        Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit a processes view of the filesystem.

        The first call to Unveil removes a processes visibility to everything except 'path'. Any subsequent calls expand the view to contain those paths. Finally a call to UnveilBlock will lock the view in place. Preventing access to anything else.

        On non-OpenBSD machines this call is a noop.

        func UnveilBlock

        func UnveilBlock() error

          UnveilBlock locks the Unveil'd paths. Preventing further changes to a processes filesystem view.

          On non-OpenBSD machines this call is a noop.

          Types

          This section is empty.