~egtann/srp

1e159ea8fa4d0e51ced40f4dc0c127a8056afe01 — Evan Tann 1 year, 3 months ago 34ebe62
remove errors pledge
2 files changed, 14 insertions(+), 4 deletions(-)

M cmd/srp/main.go
M security_openbsd.go
M cmd/srp/main.go => cmd/srp/main.go +13 -3
@@ 34,9 34,6 @@ func main() {
	if err := srp.Unveil(*config); err != nil {
		log.Fatal(err)
	}
	if err := srp.Pledge(); err != nil {
		log.Fatal(err)
	}

	issues := []string{}
	port := strings.TrimLeft(*portTmp, ":")


@@ 110,11 107,24 @@ func main() {
	} else {
		srv.Addr = ":" + port
		go func() {
			// Send 2 because we're listening for two
			if err = srv.ListenAndServe(); err != nil {
				log.Fatal(err)
			}
		}()
	}

	// Wait to give our listeners time to boot before pledging. We have to
	// sleep because ListenAndServe hangs, so we can't send a signal on a
	// channel after that -- only before, and before introduces a race
	// condition which, under some circumstances, results in Pledge being
	// called before ListenAndServe. When that happens, the kernel stops
	// the program. That's why we sleep here, which is plenty of time for
	// both servers to boot.
	time.Sleep(time.Millisecond)
	if err := srp.Pledge(); err != nil {
		log.Fatal(err)
	}
	log.Println("listening on", port)
	if err = proxy.CheckHealth(); err != nil {
		log.Println("check health", err)

M security_openbsd.go => security_openbsd.go +1 -1
@@ 7,7 7,7 @@ import "golang.org/x/sys/unix"
// of OpenBSD 6.6, though the program runs fine without the call, which is why
// we add the `error` pledge.
func Pledge() error {
	const promises = "stdio rpath inet error"
	const promises = "stdio rpath inet"
	if err := unix.Pledge(promises, ""); err != nil {
		return err
	}