mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-23 13:52:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Refactor pledge() to be more configurable

Browse source 
The earlier iterations did too much guesswork when it came to things
like stderr logging and syscall origin verification. This change will
make things more conformant to existing practices. The __pledge_mode
extension now can be configured in a better way.

There's also a new `-q` flag added to pledge.com, e.g.

    o//tool/build/pledge.com -qv. ls

Is a good way to disable warnings about `tty` access attempts.
This commit is contained in:
Justine Tunney 2022-08-11 11:27:25 -07:00
parent 6b8b58fdf5
commit 625aa365f1
36 changed files with 203 additions and 168 deletions
Download patch file Download diff file Expand all files Collapse all files

10
third_party/lua/lunix.c vendored
View file

@ -1377,12 +1377,12 @@ static int LuaUnixSiocgifconf(lua_State *L) {
return 1;
}
// sandbox.pledge([promises:str[, execpromises:str]])
// sandbox.pledge([promises:str[, execpromises:str[, mode:int]]])
// ├─→ true
// └─→ nil, unix.Errno
static int LuaUnixPledge(lua_State *L) {
int olderr = errno;
__pledge_mode = 0;
__pledge_mode = luaL_optinteger(L, 3, 0);
return SysretBool(L, "pledge", olderr,
pledge(luaL_checkstring(L, 1), luaL_optstring(L, 2, 0)));
}
@ -2829,5 +2829,11 @@ int LuaUnix(lua_State *L) {
LuaSetIntField(L, "PATH_MAX", _PATH_MAX);
LuaSetIntField(L, "PIPE_BUF", PIPE_BUF);
// pledge() flags
LuaSetIntField(L, "PLEDGE_PENALTY_KILL_THREAD", PLEDGE_PENALTY_KILL_THREAD);
LuaSetIntField(L, "PLEDGE_PENALTY_KILL_PROCESS", PLEDGE_PENALTY_KILL_PROCESS);
LuaSetIntField(L, "PLEDGE_PENALTY_RETURN_EPERM", PLEDGE_PENALTY_RETURN_EPERM);
LuaSetIntField(L, "PLEDGE_STDERR_LOGGING", PLEDGE_STDERR_LOGGING);
return 1;
}