1 #include "../../system.h"
4 #include "../../logger.h"
6 void allow_path(const char *path, const char *priv) {
8 logger(DEBUG_ALWAYS, LOG_DEBUG, "Allowing path %s with %s", path, priv);
10 if(unveil(path, priv)) {
11 logger(DEBUG_ALWAYS, LOG_ERR, "unveil(%s, %s) failed: %s", path, priv, strerror(errno));
16 void allow_paths(const unveil_path_t paths[]) {
17 // Since some path variables may contain NULL, we check priv here.
18 // If a NULL path is seen, just skip it.
19 for(const unveil_path_t *p = paths; p->priv; ++p) {
20 allow_path(p->path, p->priv);
24 bool restrict_privs(const char *promises, const char *execpromises) {
25 if(pledge(promises, execpromises)) {
26 logger(DEBUG_ALWAYS, LOG_ERR, "pledge(%s, %s) failed: %s", promises, execpromises, strerror(errno));