mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 04:57:45 +00:00
Userland: Tighten a *lot* of pledges! :^)
Since applications using Core::EventLoop no longer need to create a socket in /tmp/rpc/, and also don't need to listen for incoming connections on this socket, we can remove a whole bunch of pledges!
This commit is contained in:
parent
04d78adaf7
commit
31d4bcf5bf
59 changed files with 97 additions and 163 deletions
|
@ -10,7 +10,7 @@
|
|||
|
||||
int main(int, char**)
|
||||
{
|
||||
if (pledge("stdio recvfd thread accept rpath wpath cpath unix fattr", nullptr) < 0) {
|
||||
if (pledge("stdio recvfd thread accept cpath rpath wpath unix", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
int main()
|
||||
{
|
||||
if (pledge("stdio recvfd sendfd accept unix rpath cpath fattr", nullptr) < 0) {
|
||||
if (pledge("stdio recvfd sendfd unix rpath", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -12,15 +12,11 @@
|
|||
|
||||
int main(int, char**)
|
||||
{
|
||||
if (pledge("stdio recvfd sendfd accept unix rpath cpath fattr", nullptr) < 0) {
|
||||
if (pledge("stdio recvfd sendfd accept unix", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
Core::EventLoop event_loop;
|
||||
if (pledge("stdio recvfd sendfd unix accept", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
if (unveil(nullptr, nullptr) < 0) {
|
||||
perror("unveil");
|
||||
return 1;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
|
||||
{
|
||||
if (pledge("stdio unix inet cpath rpath fattr", nullptr) < 0) {
|
||||
if (pledge("stdio unix inet cpath rpath", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
|
|||
auto ifs = ifs_result.release_value();
|
||||
auto client = DHCPv4Client::construct(move(ifs.ready), move(ifs.not_ready));
|
||||
|
||||
if (pledge("stdio inet cpath rpath fattr", nullptr) < 0) {
|
||||
if (pledge("stdio inet cpath rpath", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
if (pledge("stdio cpath unix fattr inet id accept", nullptr) < 0) {
|
||||
if (pledge("stdio unix inet id accept", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
|
||||
{
|
||||
if (pledge("stdio accept unix inet cpath rpath fattr", nullptr) < 0) {
|
||||
if (pledge("stdio accept unix inet rpath", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
if (pledge("stdio recvfd sendfd accept rpath wpath cpath unix fattr", nullptr) < 0) {
|
||||
if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
int main(int, char**)
|
||||
{
|
||||
if (pledge("stdio inet accept unix rpath cpath fattr sendfd recvfd", nullptr) < 0) {
|
||||
if (pledge("stdio inet accept unix rpath sendfd recvfd", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -31,7 +31,7 @@ static NonnullRefPtr<GUI::Menu> build_system_menu();
|
|||
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
if (pledge("stdio recvfd sendfd accept proc exec rpath unix cpath fattr sigaction", nullptr) < 0) {
|
||||
if (pledge("stdio recvfd sendfd proc exec rpath unix sigaction", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
@ -46,7 +46,7 @@ int main(int argc, char** argv)
|
|||
// We need to obtain the WM connection here as well before the pledge shortening.
|
||||
GUI::WindowManagerServerConnection::the();
|
||||
|
||||
if (pledge("stdio recvfd sendfd accept proc exec rpath", nullptr) < 0) {
|
||||
if (pledge("stdio recvfd sendfd proc exec rpath", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@ int main(int argc, char** argv)
|
|||
return 1;
|
||||
}
|
||||
|
||||
if (pledge("stdio accept rpath inet unix cpath fattr", nullptr) < 0) {
|
||||
if (pledge("stdio accept rpath inet unix", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
int main(int, char**)
|
||||
{
|
||||
if (pledge("stdio inet accept unix rpath cpath fattr sendfd recvfd", nullptr) < 0) {
|
||||
if (pledge("stdio inet unix rpath sendfd recvfd", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
@ -22,7 +22,7 @@ int main(int, char**)
|
|||
|
||||
Core::EventLoop event_loop;
|
||||
// FIXME: Establish a connection to LookupServer and then drop "unix"?
|
||||
if (pledge("stdio inet accept unix sendfd recvfd", nullptr) < 0) {
|
||||
if (pledge("stdio inet unix sendfd recvfd", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
int main(int, char**)
|
||||
{
|
||||
if (pledge("stdio video thread sendfd recvfd accept rpath wpath cpath unix proc fattr sigaction", nullptr) < 0) {
|
||||
if (pledge("stdio video thread sendfd recvfd accept rpath wpath cpath unix proc sigaction", nullptr) < 0) {
|
||||
perror("pledge");
|
||||
return 1;
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue