1 // Copyright 2016 The Go Authors. All rights reserved. |
|
2 // Use of this source code is governed by a BSD-style |
|
3 // license that can be found in the LICENSE file. |
|
4 |
|
5 // +build openbsd |
|
6 // +build 386 amd64 arm |
|
7 |
|
8 package unix |
|
9 |
|
10 import ( |
|
11 "errors" |
|
12 "fmt" |
|
13 "strconv" |
|
14 "syscall" |
|
15 "unsafe" |
|
16 ) |
|
17 |
|
18 const ( |
|
19 _SYS_PLEDGE = 108 |
|
20 ) |
|
21 |
|
22 // Pledge implements the pledge syscall. |
|
23 // |
|
24 // The pledge syscall does not accept execpromises on OpenBSD releases |
|
25 // before 6.3. |
|
26 // |
|
27 // execpromises must be empty when Pledge is called on OpenBSD |
|
28 // releases predating 6.3, otherwise an error will be returned. |
|
29 // |
|
30 // For more information see pledge(2). |
|
31 func Pledge(promises, execpromises string) error { |
|
32 maj, min, err := majmin() |
|
33 if err != nil { |
|
34 return err |
|
35 } |
|
36 |
|
37 // If OpenBSD <= 5.9, pledge is not available. |
|
38 if (maj == 5 && min != 9) || maj < 5 { |
|
39 return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min) |
|
40 } |
|
41 |
|
42 // If OpenBSD <= 6.2 and execpromises is not empty |
|
43 // return an error - execpromises is not available before 6.3 |
|
44 if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" { |
|
45 return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min) |
|
46 } |
|
47 |
|
48 pptr, err := syscall.BytePtrFromString(promises) |
|
49 if err != nil { |
|
50 return err |
|
51 } |
|
52 |
|
53 // This variable will hold either a nil unsafe.Pointer or |
|
54 // an unsafe.Pointer to a string (execpromises). |
|
55 var expr unsafe.Pointer |
|
56 |
|
57 // If we're running on OpenBSD > 6.2, pass execpromises to the syscall. |
|
58 if maj > 6 || (maj == 6 && min > 2) { |
|
59 exptr, err := syscall.BytePtrFromString(execpromises) |
|
60 if err != nil { |
|
61 return err |
|
62 } |
|
63 expr = unsafe.Pointer(exptr) |
|
64 } |
|
65 |
|
66 _, _, e := syscall.Syscall(_SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) |
|
67 if e != 0 { |
|
68 return e |
|
69 } |
|
70 |
|
71 return nil |
|
72 } |
|
73 |
|
74 // majmin returns major and minor version number for an OpenBSD system. |
|
75 func majmin() (major int, minor int, err error) { |
|
76 var v Utsname |
|
77 err = Uname(&v) |
|
78 if err != nil { |
|
79 return |
|
80 } |
|
81 |
|
82 major, err = strconv.Atoi(string(v.Release[0])) |
|
83 if err != nil { |
|
84 err = errors.New("cannot parse major version number returned by uname") |
|
85 return |
|
86 } |
|
87 |
|
88 minor, err = strconv.Atoi(string(v.Release[2])) |
|
89 if err != nil { |
|
90 err = errors.New("cannot parse minor version number returned by uname") |
|
91 return |
|
92 } |
|
93 |
|
94 return |
|
95 } |
|