Permalink
Browse files

Add initial pledge(2) support on OpenBSD (#217)

On other platforms, this will be a no-op. Fixes #164.
  • Loading branch information...
worr authored and dajohi committed Jan 7, 2019
1 parent 69385ec commit d619f904b976b0fedf198283130dc0744ca2a158
Showing with 17 additions and 2 deletions.
  1. +2 −1 freebsd/Makefile
  2. +1 −0 linux/pledge.h
  3. +2 −1 osx/Makefile
  4. +12 −0 spectrwm.c
@@ -27,6 +27,7 @@ all: spectrwm libswmhack.so.$(LVERS)
spectrwm.c:
ln -sf ../spectrwm.c
ln -sf ../version.h
ln -sf ../linux/pledge.h

swm_hack.c:
ln -sf ../lib/swm_hack.c
@@ -50,7 +51,7 @@ install: all
ln -sf spectrwm $(SWM_BINDIR)/scrotwm

clean:
rm -f spectrwm *.o *.so libswmhack.so.* spectrwm.c swm_hack.c version.h
rm -f spectrwm *.o *.so libswmhack.so.* spectrwm.c swm_hack.c version.h pledge.h

.PHONY: all install clean

@@ -0,0 +1 @@
#define pledge(promises, execpromises) (0)
@@ -37,6 +37,7 @@ spectrwm.c:
ln -sf ../linux/tree.h
ln -sf ../spectrwm.c
ln -sf ../version.h
ln -sf ../linux/pledge.h

swm_hack.c:
ln -sf ../lib/swm_hack.c
@@ -64,6 +65,6 @@ install: all
ln -sf libswmhack.so.0.0 $(DESTDIR)$(LIBDIR)/libswmhack.so

clean:
rm -f spectrwm *.o *.so libswmhack.so.* spectrwm.c swm_hack.c tree.h version.h
rm -f spectrwm *.o *.so libswmhack.so.* spectrwm.c swm_hack.c tree.h version.h pledge.h

.PHONY: all install clean
@@ -54,6 +54,9 @@
#include <fcntl.h>
#include <locale.h>
#include <paths.h>
#if !defined(__OpenBSD__)
#include "pledge.h"
#endif
#include <pwd.h>
#include <regex.h>
#include <signal.h>
@@ -3863,6 +3866,9 @@ spawn(int ws_idx, union arg *args, bool close_fd)
if (args == NULL || args->argv[0] == NULL)
return;

if (pledge("stdio proc exec", NULL) == -1)
err(1, "pledge");

DNPRINTF(SWM_D_MISC, "%s\n", args->argv[0]);

close(xcb_get_file_descriptor(conn));
@@ -12452,6 +12458,9 @@ main(int argc, char *argv[])
if (setlocale(LC_CTYPE, "") == NULL || setlocale(LC_TIME, "") == NULL)
warnx("no locale support");

if (pledge("stdio rpath proc exec getpw dns unix", NULL) == -1)
err(1, "pledge");

/* handle some signals */
bzero(&sact, sizeof(sact));
sigemptyset(&sact.sa_mask);
@@ -12478,6 +12487,9 @@ main(int argc, char *argv[])
xcb_prefetch_extension_data(conn, &xcb_randr_id);
xfd = xcb_get_file_descriptor(conn);

if (pledge("stdio rpath proc exec getpw", NULL) == -1)
err(1, "pledge");

/* look for local and global conf file */
pwd = getpwuid(getuid());
if (pwd == NULL)

0 comments on commit d619f90

Please sign in to comment.