RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 08:34:57 +00:00
Code Issues Activity Actions

Utilities/beep: Restrict possible capabilities

Browse source 
We can now just unveil the /dev/beep device node, as well as to restrict
the utility functionality for rpath, wpath & stdio related syscalls only
because we don't actually need anything else.
This commit is contained in:
Liav A 2023-08-25 20:26:44 +03:00 committed by Tim Schumacher
parent 26f96d2a42
commit 55ea2d892c
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Utilities/beep.cpp
View file

@ -10,6 +10,9 @@
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
TRY(Core::System::pledge("stdio rpath wpath"));
TRY(Core::System::unveil("/dev/beep", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
Optional<size_t> tone;
Optional<size_t> milliseconds_duration;
Core::ArgsParser args_parser;