Make pledge.com binary 4kb smaller

This commit is contained in:
Justine Tunney 2022-07-20 13:58:52 -07:00
parent ed205e98a1
commit 097634d75c
2 changed files with 3 additions and 5 deletions
libc/mem
tool/build

View file

@ -92,10 +92,7 @@ static const struct sock_filter kBlacklistLandlock[] = {
_Thread_local static struct {
uint64_t fs_mask;
int fd;
} State = {
.fs_mask = UNVEIL_READ | UNVEIL_WRITE | UNVEIL_EXEC | UNVEIL_CREATE,
.fd = 0,
};
} State;
static int unveil_final(void) {
int rc;
@ -121,6 +118,7 @@ static int err_close(int rc, int fd) {
static int unveil_init(void) {
int rc, fd;
State.fs_mask = UNVEIL_READ | UNVEIL_WRITE | UNVEIL_EXEC | UNVEIL_CREATE;
if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) <
0) {
if (errno == EOPNOTSUPP) errno = ENOSYS;

View file

@ -65,7 +65,7 @@ usage: pledge.com [-hnN] PROG ARGS...\n\
-g GID call setgid()\n\
-u UID call setuid()\n\
-c PATH call chroot()\n\
-v [PERM:]PATH make PATH visible where PERM can have rwxc\n\
-v [PERM:]PATH call unveil(PATH, PERM[rwxc])\n\
-n set maximum niceness\n\
-N don't normalize file descriptors\n\
-C SECS set cpu limit [default: inherited]\n\