yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-04-28 22:25:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

pledge yggdrasilctl

Browse source 
The CLI is simple, but parses config files and communicates over the network
with arbitrary endpoints.

Limit system operations to that is needed before doing anything and drop all
priviledges after config file and socket handling is done, i.e. do parse and
speak over the network completely unprivileged.
This commit is contained in:
Klemens Nanni 2024-10-20 12:19:01 +03:00
parent 2bc1c2d90f
commit a6fcdfca2a
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
cmd/yggdrasilctl/main.go
View file

@ -13,6 +13,8 @@ import (
"strings"
"time"
"suah.dev/protect"
"github.com/olekukonko/tablewriter"
"github.com/yggdrasil-network/yggdrasil-go/src/admin"
"github.com/yggdrasil-network/yggdrasil-go/src/core"
@ -22,6 +24,11 @@ import (
)
func main() {
// read config, speak DNS/TCP and/or over a UNIX socket
if err := protect.Pledge("stdio rpath inet unix dns"); err != nil {
panic(err)
}
// makes sure we can use defer and still return an error code to the OS
os.Exit(run())
}
@ -78,6 +85,11 @@ func run() int {
panic(err)
}
// config and socket are done, work without unprivileges
if err := protect.Pledge("stdio"); err != nil {
panic(err)
}
logger.Println("Connected")
defer conn.Close()