mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-29 08:42:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Make pledge.com binary 4kb smaller

Browse source
This commit is contained in:
Justine Tunney 2022-07-20 13:58:52 -07:00
parent ed205e98a1
commit 097634d75c
2 changed files with 3 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
libc/mem/unveil.c
View file

@ -92,10 +92,7 @@ static const struct sock_filter kBlacklistLandlock[] = {
_Thread_local static struct { _Thread_local static struct {
uint64_t fs_mask; uint64_t fs_mask;
int fd; int fd;
} State = { } State;
.fs_mask = UNVEIL_READ | UNVEIL_WRITE | UNVEIL_EXEC | UNVEIL_CREATE,
.fd = 0,
};
static int unveil_final(void) { static int unveil_final(void) {
int rc; int rc;
@ -121,6 +118,7 @@ static int err_close(int rc, int fd) {
static int unveil_init(void) { static int unveil_init(void) {
int rc, fd; int rc, fd;
State.fs_mask = UNVEIL_READ | UNVEIL_WRITE | UNVEIL_EXEC | UNVEIL_CREATE;
if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) < if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) <
0) { 0) {
if (errno == EOPNOTSUPP) errno = ENOSYS; if (errno == EOPNOTSUPP) errno = ENOSYS;

2
tool/build/pledge.c
View file

@ -65,7 +65,7 @@ usage: pledge.com [-hnN] PROG ARGS...\n\
-g GID call setgid()\n\ -g GID call setgid()\n\
-u UID call setuid()\n\ -u UID call setuid()\n\
-c PATH call chroot()\n\ -c PATH call chroot()\n\
-v [PERM:]PATH make PATH visible where PERM can have rwxc\n\ -v [PERM:]PATH call unveil(PATH, PERM[rwxc])\n\
-n set maximum niceness\n\ -n set maximum niceness\n\
-N don't normalize file descriptors\n\ -N don't normalize file descriptors\n\
-C SECS set cpu limit [default: inherited]\n\ -C SECS set cpu limit [default: inherited]\n\