~qbit/protect

3679c9b4dea612c053eb13bbe80ec989674d4a97 — Aaron Bieber 2 months ago c48b0e8 master v1.2.0
Add UnveilSet
4 files changed, 49 insertions(+), 3 deletions(-)

M go.mod
M go.sum
M protect.go
A protect_test.go
M go.mod => go.mod +1 -1
@@ 2,4 2,4 @@ module suah.dev/protect

go 1.14

require golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3
require golang.org/x/sys v0.0.0-20210917161153-d61c044b1678

M go.sum => go.sum +2 -2
@@ 1,2 1,2 @@
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w=
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 h1:J27LZFQBFoihqXoegpscI10HpjZ7B5WQLLKL2FZXQKw=
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

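--- a/protect.go
+++ b/protect.go
@@ -25,6 +25,23 @@ func Unveil(path string, flags string) error {
 	return unveil(path, flags)
 }
 
+// UnveilSet takes a set of Unveils and runs them all, returning the first
+// error encountered. Optionally call UnveilBlock at the end.
+func UnveilSet(set map[string]string, block bool) error {
+	for p, s := range set {
+		err := Unveil(p, s)
+		if err != nil {
+			return err
+		}
+	}
+
+	if block {
+		return UnveilBlock()
+	}
+
+	return nil
+}
+
 // UnveilBlock locks the Unveil'd paths. Preventing further changes to a
 // processes filesystem view.
 //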
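Review bot: When any Unveil call fails, UnveilSet returns before the `if block` branch, so the process keeps whatever subset of paths was already unveiled and does not get the UnveilBlock lock the caller asked for. Because Go randomizes map iteration, that subset and the error reported can differ from run to run. The doc comment should say this, for example `// On error the set may be only partially applied and UnveilBlock is not called; treat the error as fatal.` It should also state that the order in which entries are applied is unspecified. The UnveilBlock comment at the end of the hunk continues outside it.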

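--- /dev/null
+++ b/protect_test.go
@@ -0,0 +1,29 @@
+package protect
+
+import (
+	"testing"
+)
+
+func TestReduce(t *testing.T) {
+	expected := "stdio unix rpath cpath"
+	a := "stdio tty unix unveil rpath cpath wpath"
+	b := "unveil tty wpath"
+
+	n, err := reduce(a, b)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if n != expected {
+		t.Errorf("reduce: expected %q got %q\n", expected, n)
+	}
+
+	c, err := reduce(n, "rpath cpath")
+	if err != nil {
+		t.Error(err)
+	}
+
+	if c != "stdio unix" {
+		t.Errorf("reduce: expected %q got %q\n", "stdio unix", c)
+	}
+}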
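Review bot: TestReduce covers a single happy path in which no promise name is contained in another, so it would not catch a reduce that matches by substring instead of by whole word. reduce is not part of this diff, so this is a coverage gap rather than a known bug, but its output is presumably passed to pledge, where a promise that survives removal is a privilege the process keeps. A case with overlapping names would pin this down, such as `reduce("stdio prot_exec exec", "exec")` expecting `"stdio prot_exec"`, along with one where the promise to remove is absent from the input. The two `t.Error(err)` calls could be `t.Fatal(err)` so the comparison is skipped after a failed call, and the new UnveilSet has no test in this file.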