From 2f880a047fc4466bbcc19da7c1fdf3c33f2ff2cd Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Sat, 11 Jan 2020 20:50:27 +0100 Subject: [PATCH] Browser: Use pledge() This is the first complex app to use pledge(), and it was extremely easy to get it working. The main trickiness comes from the RPC sockets that get set up inside the GApplication constructor. Since it wants to unlink any old RPC socket with the same filename and change the file mode of the new socket, it needs both "cpath" and "fattr". Once the GApplication has been constructed, it seems we can safely drop those promises. Pretty cool! --- Applications/Browser/main.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Applications/Browser/main.cpp b/Applications/Browser/main.cpp index 4189bea3bf..256f966d0b 100644 --- a/Applications/Browser/main.cpp +++ b/Applications/Browser/main.cpp @@ -30,8 +30,18 @@ static const char* home_url = "file:///home/anon/www/welcome.html"; int main(int argc, char** argv) { + if (pledge("stdio dns unix shared_buffer cpath rpath fattr", nullptr) < 0) { + perror("pledge"); + return 1; + } + GApplication app(argc, argv); + if (pledge("stdio dns unix shared_buffer rpath", nullptr) < 0) { + perror("pledge"); + return 1; + } + auto window = GWindow::construct(); window->set_rect(100, 100, 640, 480);