1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 04:07:45 +00:00

Userland: Tighten a *lot* of pledges! :^)

Since applications using Core::EventLoop no longer need to create a
socket in /tmp/rpc/, and also don't need to listen for incoming
connections on this socket, we can remove a whole bunch of pledges!
This commit is contained in:
Andreas Kling 2021-05-13 23:20:26 +02:00
parent 04d78adaf7
commit 31d4bcf5bf
59 changed files with 97 additions and 163 deletions

View file

@ -40,18 +40,13 @@ static void update_path_environment_variable();
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd tty accept rpath cpath wpath proc exec unix fattr thread unix ptrace", nullptr) < 0) {
if (pledge("stdio recvfd sendfd tty rpath cpath wpath proc exec unix thread ptrace", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio recvfd sendfd tty accept rpath cpath wpath proc exec fattr thread unix ptrace", nullptr) < 0) {
perror("pledge");
return 1;
}
s_window = GUI::Window::construct();
s_window->resize(840, 600);
s_window->set_icon(Gfx::Bitmap::load_from_file("/res/icons/16x16/app-hack-studio.png"));

View file

@ -34,7 +34,7 @@ using namespace Inspector;
int main(int argc, char** argv)
{
if (pledge("stdio recvfd sendfd rpath accept unix cpath fattr", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -179,7 +179,7 @@ int main(int argc, char** argv)
window->show();
remote_process.update();
if (pledge("stdio recvfd sendfd rpath accept unix", nullptr) < 0) {
if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
perror("pledge");
return 1;
}

View file

@ -58,14 +58,14 @@ void UnregisteredWidget::paint_event(GUI::PaintEvent& event)
int main(int argc, char** argv)
{
if (pledge("stdio thread recvfd sendfd accept cpath rpath wpath unix fattr", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd cpath rpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio thread recvfd sendfd accept rpath cpath wpath unix", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd rpath cpath wpath unix", nullptr) < 0) {
perror("pledge");
return 1;
}
@ -78,7 +78,7 @@ int main(int argc, char** argv)
return 1;
}
if (pledge("stdio thread recvfd sendfd accept rpath cpath wpath", nullptr) < 0) {
if (pledge("stdio thread recvfd sendfd rpath cpath wpath", nullptr) < 0) {
perror("pledge");
return 1;
}