Further improve unveil() implementation

This change addresses review comments from Günther Noack on GitHub.
We're now blacklisting truncate() and setxattr() since Landlock lets
them operate on veiled files. The restriction has been lifted on using
unveil() multiple times, since Landlock does that well.
This commit is contained in:
Justine Tunney 2022-07-24 05:54:26 -07:00
parent 8593580d0a
commit 6c71bd5969
6 changed files with 154 additions and 43 deletions

View file

@ -53,10 +53,12 @@ static textwindows dontinline uint32_t GetUserNameHash(void) {
*/
int getuid(void) {
int rc;
if (!IsWindows()) {
rc = sys_getuid();
} else {
rc = GetUserNameHash();
if (!(rc = getauxval(AT_UID))) {
if (!IsWindows()) {
rc = sys_getuid();
} else {
rc = GetUserNameHash();
}
}
STRACE("%s() → %d% m", "getuid", rc);
return rc;
@ -73,10 +75,12 @@ int getuid(void) {
*/
int getgid(void) {
int rc;
if (!IsWindows()) {
rc = sys_getgid();
} else {
rc = GetUserNameHash();
if (!(rc = getauxval(AT_GID))) {
if (!IsWindows()) {
rc = sys_getgid();
} else {
rc = GetUserNameHash();
}
}
STRACE("%s() → %d% m", "getgid", rc);
return rc;