Drop filesystem access iff possible

Log files and state save/restore both require read/write access to the filesystem, both during start and exit. If neither features are used, catgirl may run with "stdio tty".
author: Klemens Nanni 2021-01-22 22:02:02 +0100
committer: C. McEnroe 2021-01-23 00:48:19 -0500
commit: bc3bd956481131a15dcae95eb818b3b3ccc7ed79 (patch)
tree: 87b247c8590e9de7ad6eee62717999fb2da701bb
parent: 837c9efce434acf75834fd9ef8a5a05c1fa61004 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/chat.c b/chat.c
index b36223c..6458925 100644
--- a/chat.c
+++ b/chat.c
@@ -341,10 +341,12 @@ int main(int argc, char *argv[]) {
 	}
 
 #ifdef __OpenBSD__
-	if (self.restricted) {
-		error = pledge("stdio rpath wpath cpath tty", NULL);
-		if (error) err(EX_OSERR, "pledge");
-	}
+	char promises[64] = "stdio tty";
+	struct Cat cat = { promises, sizeof(promises), strlen(promises) };
+	if (save || logEnable) catf(&cat, " rpath wpath cpath");
+	if (!self.restricted) catf(&cat, " proc exec");
+	error = pledge(promises, NULL);
+	if (error) err(EX_OSERR, "pledge");
 #endif
 
 	struct pollfd fds[] = {
author	Klemens Nanni	2021-01-22 22:02:02 +0100
committer	C. McEnroe	2021-01-23 00:48:19 -0500
commit	bc3bd956481131a15dcae95eb818b3b3ccc7ed79 (patch)
tree	87b247c8590e9de7ad6eee62717999fb2da701bb
parent	837c9efce434acf75834fd9ef8a5a05c1fa61004 (diff)