Improve pledge() and unveil()

The pledge.com command now supports the new [WIP] unveil() support. For example, to strongly sandbox our command for listing directories. o//tool/build/assimilate.com o//examples/ls.com pledge.com -v /etc -p 'stdio rpath' o//examples/ls.com /etc This file system sandboxing is going to be perfect for us, because APE binaries are self-contained static executables that really don't use the filesystem that much. On the other hand, with non-static executables, sandboxing is going to be more difficult. For example, here's how to sandbox the `ls` command on the latest Alpine: pledge.com -v rx:/lib -v /usr/lib -v /etc -p 'stdio rpath exec' ls /etc This change fixes the `execpromises` API with pledge(). This change also adds unix.unveil() to redbean. Fixes #494
2025-07-06 19:28:29 +00:00 · 2022-07-18 07:23:15 -07:00 · 2022-07-18 07:23:15 -07:00 · e81edf7b04
commit e81edf7b04
parent b1d9d11be1
19 changed files with 535 additions and 150 deletions
--- a/libc/intrin/promises.internal.h
+++ b/libc/intrin/promises.internal.h
@ -1,33 +1,33 @@
 #ifndef COSMOPOLITAN_LIBC_INTRIN_PROMISES_H_
 #define COSMOPOLITAN_LIBC_INTRIN_PROMISES_H_

-#define PROMISE_DEFAULT    0
-#define PROMISE_STDIO      1
-#define PROMISE_RPATH      2
-#define PROMISE_WPATH      3
-#define PROMISE_CPATH      4
-#define PROMISE_DPATH      5
-#define PROMISE_FLOCK      6
-#define PROMISE_FATTR      7
-#define PROMISE_INET       8
-#define PROMISE_UNIX       9
-#define PROMISE_DNS        10
-#define PROMISE_TTY        11
-#define PROMISE_RECVFD     12
-#define PROMISE_PROC       13
-#define PROMISE_THREAD     14
-#define PROMISE_EXEC       15
-#define PROMISE_EXECNATIVE 16
-#define PROMISE_ID         17
-#define PROMISE_UNVEIL     18
-#define PROMISE_MAX        18
+#define PROMISE_STDIO      0
+#define PROMISE_RPATH      1
+#define PROMISE_WPATH      2
+#define PROMISE_CPATH      3
+#define PROMISE_DPATH      4
+#define PROMISE_FLOCK      5
+#define PROMISE_FATTR      6
+#define PROMISE_INET       7
+#define PROMISE_UNIX       8
+#define PROMISE_DNS        9
+#define PROMISE_TTY        10
+#define PROMISE_RECVFD     11
+#define PROMISE_PROC       12
+#define PROMISE_THREAD     13
+#define PROMISE_EXEC       14
+#define PROMISE_EXECNATIVE 15
+#define PROMISE_ID         16
+#define PROMISE_UNVEIL     17
+#define PROMISE_SENDFD     18

-#define PLEDGED(x) (~__promises & (1L << PROMISE_##x))
+#define PLEDGED(x) ((~__promises >> PROMISE_##x) & 1)

 #if !(__ASSEMBLER__ + __LINKER__ + 0)
 COSMOPOLITAN_C_START_

 hidden extern unsigned long __promises;
+hidden extern unsigned long __execpromises;

 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */