yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-11-04 03:05:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use pledge(2) on OpenBSD (#1215)

Browse source 
Straight forward thanks to all privileged operations being done early
enough during startup.
This commit is contained in:
Klemens Nanni 2024-12-22 14:04:26 +03:00 committed by GitHub
parent 213f72b840
commit 782c0250d7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
cmd/yggdrasil/main.go
View file

@ -312,6 +312,21 @@ func main() {
} }
} }
// Promise final modes of operation. At this point, if at all:
// - raw socket is created/open
// - admin socket is created/open
// - privileges are dropped to non-root user
//
// Peers, InterfacePeers, Listen can be UNIX sockets;
// Go's net.Listen.Close() deletes files on shutdown.
promises := []string{"stdio", "cpath", "inet", "unix", "dns"}
if len(cfg.MulticastInterfaces) > 0 {
promises = append(promises, "mcast")
}
if err := protect.Pledge(strings.Join(promises, " ")); err != nil {
panic(fmt.Sprintf("pledge: %v: %v", promises, err))
}
// Block until we are told to shut down. // Block until we are told to shut down.
<-ctx.Done() <-ctx.Done()