annotate vendor/golang.org/x/sys/unix/pledge_openbsd.go @ 66:787b5ee0289d draft

Use vendored modules Signed-off-by: Izuru Yakumo <yakumo.izuru@chaotic.ninja>
author yakumo.izuru
date Sun, 23 Jul 2023 13:18:53 +0000
parents
children
1 // Copyright 2016 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 package unix
7 import (
8 "errors"
9 "fmt"
10 "strconv"
11 "syscall"
12 "unsafe"
13 )
// Pledge implements the pledge syscall, setting both the promises of the
// calling process and the execpromises in a single call.
//
// OpenBSD releases before 6.3 do not accept execpromises. On those
// releases execpromises must be empty; otherwise an error is returned and
// the syscall is not made.
//
// On 6.3 and later execpromises is always handed to the kernel, including
// when it is the empty string, so passing "" here is not a way to leave the
// execpromises unchanged. PledgePromises passes a nil pointer for that
// purpose.
//
// A non-nil error means the pledge call was either not made or was rejected
// by the kernel. Callers that rely on pledge as a sandbox boundary should
// treat that as fatal rather than continue running unrestricted.
//
// For more information see pledge(2).
func Pledge(promises, execpromises string) error {
	major, minor, err := majmin()
	if err != nil {
		return err
	}

	if err := pledgeAvailable(major, minor, execpromises); err != nil {
		return err
	}

	promisesPtr, err := syscall.BytePtrFromString(promises)
	if err != nil {
		return err
	}

	// execPtr stays nil on releases up to 6.2, so the second syscall
	// argument is 0 there; on anything newer it points at execpromises.
	var execPtr unsafe.Pointer
	if major > 6 || (major == 6 && minor > 2) {
		p, err := syscall.BytePtrFromString(execpromises)
		if err != nil {
			return err
		}
		execPtr = unsafe.Pointer(p)
	}

	// Both pointer-to-uintptr conversions are written inside the argument
	// list of the Syscall call itself, the form the unsafe package
	// documents for passing pointers to syscalls.
	if _, _, errno := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(promisesPtr)), uintptr(execPtr), 0); errno != 0 {
		return errno
	}

	return nil
}
// PledgePromises implements the pledge syscall.
//
// It changes the promises of the calling process and passes a nil pointer
// for the execpromises argument, which leaves the execpromises untouched.
//
// A non-nil error means the pledge call was either not made or was rejected
// by the kernel. Callers that rely on pledge as a sandbox boundary should
// treat that as fatal rather than continue running unrestricted.
//
// For more information see pledge(2).
func PledgePromises(promises string) error {
	major, minor, err := majmin()
	if err != nil {
		return err
	}

	// An empty execpromises string is passed to the availability check, so
	// only its release test for pledge itself can fail here.
	if err := pledgeAvailable(major, minor, ""); err != nil {
		return err
	}

	promisesPtr, err := syscall.BytePtrFromString(promises)
	if err != nil {
		return err
	}

	// The execpromises argument is always nil for this entry point.
	var noExec unsafe.Pointer

	// The pointer-to-uintptr conversion of promisesPtr is written inside the
	// argument list of the Syscall call itself, the form the unsafe package
	// documents for passing pointers to syscalls.
	if _, _, errno := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(promisesPtr)), uintptr(noExec), 0); errno != 0 {
		return errno
	}

	return nil
}
// PledgeExecpromises implements the pledge syscall.
//
// It changes the execpromises and passes a nil pointer for the promises
// argument, which leaves the promises of the calling process untouched.
//
// A non-nil error means the pledge call was either not made or was rejected
// by the kernel. Callers that rely on pledge as a sandbox boundary should
// treat that as fatal rather than continue running unrestricted.
//
// NOTE(review): unlike Pledge, this function has no release check of its
// own around the execpromises pointer. pledgeAvailable only rejects a
// non-empty execpromises on releases up to 6.2, so an empty string still
// reaches the syscall as a non-nil second argument there. Confirm whether
// that case should return an explicit error instead.
//
// For more information see pledge(2).
func PledgeExecpromises(execpromises string) error {
	major, minor, err := majmin()
	if err != nil {
		return err
	}

	if err := pledgeAvailable(major, minor, execpromises); err != nil {
		return err
	}

	execPtr, err := syscall.BytePtrFromString(execpromises)
	if err != nil {
		return err
	}

	// The promises argument is always nil for this entry point.
	var noPromises unsafe.Pointer

	// The pointer-to-uintptr conversion of execPtr is written inside the
	// argument list of the Syscall call itself, the form the unsafe package
	// documents for passing pointers to syscalls.
	if _, _, errno := syscall.Syscall(SYS_PLEDGE, uintptr(noPromises), uintptr(unsafe.Pointer(execPtr)), 0); errno != 0 {
		return errno
	}

	return nil
}
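// majmin returns the major and minor version numbers of the running
// OpenBSD system, parsed from the release string reported by Uname.
//
// The release is expected to start with "<major>.<minor>". Each component
// is read as a whole run of decimal digits rather than as a single byte, so
// a multi-digit component is parsed as one number instead of being
// truncated or causing a parse failure. Anything after the minor digits is
// ignored.
//
// The result decides whether the pledge wrappers in this file make the
// syscall at all, so a release string that cannot be parsed yields an error
// instead of a guessed version.
func majmin() (major int, minor int, err error) {
	var v Utsname
	if err = Uname(&v); err != nil {
		return 0, 0, err
	}

	// digitRun reports the length of the decimal-digit prefix of b.
	digitRun := func(b []byte) int {
		n := 0
		for n < len(b) && b[n] >= '0' && b[n] <= '9' {
			n++
		}
		return n
	}

	rel := v.Release[:]

	n := digitRun(rel)
	// Atoi rejects an empty string, so a release that does not start with a
	// digit fails here.
	major, err = strconv.Atoi(string(rel[:n]))
	if err != nil {
		return 0, 0, errors.New("cannot parse major version number returned by uname")
	}

	// The major and minor components must be separated by a dot.
	rel = rel[n:]
	if len(rel) == 0 || rel[0] != '.' {
		return 0, 0, errors.New("cannot parse minor version number returned by uname")
	}
	rel = rel[1:]

	n = digitRun(rel)
	minor, err = strconv.Atoi(string(rel[:n]))
	if err != nil {
		return 0, 0, errors.New("cannot parse minor version number returned by uname")
	}

	return major, minor, nil
}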
// pledgeAvailable checks for availability of the pledge(2) syscall, and of
// its execpromises argument, based on the given OpenBSD version.
//
// It returns an error when maj is below 5, or when maj is 5 and min is
// anything other than 9; release 5.9 itself is accepted. It also returns an
// error when execpromises is non-empty and the release is 6.2 or older.
// Otherwise it returns nil.
func pledgeAvailable(maj, min int, execpromises string) error {
	// pledge is treated as unavailable before 5.9.
	if maj < 5 || (maj == 5 && min != 9) {
		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
	}

	// Without execpromises there is nothing further to check.
	if execpromises == "" {
		return nil
	}

	// execpromises is not available before 6.3.
	if maj < 6 || (maj == 6 && min <= 2) {
		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
	}

	return nil
}