- commit
- edee68f398f5b190f4be0127338956c0a2500662
- parent
- b5607f75afb9c6e6e6ab49128f9760d3538809cd
- Author
- Hiltjo Posthuma <hiltjo@codemadness.org>
- Date
- 2019-12-01 17:31
add OpenBSD unveil support The unveil() system call first appeared in OpenBSD 6.4. For stagit it has the following properties now: - stagit-index: only read-access to the file-system for the specified directories/repositories. - stagit: read-access to the specified directory/repository. read-write and creation access to the current directory for the output files. read-write and creation access to the specified cache file.
Diffstat
M | stagit-index.c | 3 | +++ |
M | stagit.c | 7 | +++++++ |
2 files changed, 10 insertions, 0 deletions
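--- a/stagit-index.c
+++ b/stagit-index.c
@@ -159,6 +159,9 @@ main(int argc, char *argv[])
 git_libgit2_init();
 
 #ifdef __OpenBSD__
+for (i = 1; i < argc; i++)
+if (unveil(argv[i], "r") == -1)
+err(1, "unveil: %s", argv[i]);
 if (pledge("stdio rpath", NULL) == -1)
 err(1, "pledge");
 #endif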
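Review bot: Nothing in the added block records that the unveil list is closed by the pledge() call that follows it. That pledge omits the "unveil" promise, which per pledge(2) stops further unveil() calls, so the order of the two is load-bearing and a later edit that moves pledge first would make every unveil() fail. A comment above the loop would pin this down: `/* unveil each repository read-only; the pledge() below omits "unveil" and locks the list */`. As a style point, the `for` wraps an unbraced `if`/`err` pair, and braces on the loop would make the nesting safer to extend. main() begins and ends outside the hunk, so the argument-count handling before this block is not visible here.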
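--- a/stagit.c
+++ b/stagit.c
@@ -1095,6 +1095,13 @@ main(int argc, char *argv[])
 git_libgit2_init();
 
 #ifdef __OpenBSD__
+if (unveil(repodir, "r") == -1)
+err(1, "unveil: %s", repodir);
+if (unveil(".", "rwc") == -1)
+err(1, "unveil: .");
+if (cachefile && unveil(cachefile, "rwc") == -1)
+err(1, "unveil: %s", cachefile);
+
 if (cachefile) {
 if (pledge("stdio rpath wpath cpath fattr", NULL) == -1)
 err(1, "pledge");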
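Review bot: The read-only guarantee for the repository in the first added `unveil(repodir, "r")` holds only while repodir is a different path from the current directory, and the code does not say so. If stagit is run with repodir resolving to ".", the following `unveil(".", "rwc")` most likely replaces the earlier permissions for that path, leaving the repository writable and creatable; this is inferred from unveil(2) semantics, not from anything visible in the hunk. A comment would document the assumption: `/* repodir stays read-only only if it is not the current directory; "." is rwc for the output files */`. The same applies to a cachefile placed inside repodir. The pledge() branches continue past the end of the hunk, so the non-cachefile promise set is not visible here.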