summary refs log tree commit diff
path: root/vendor/golang.org/x/sys/unix/unveil_openbsd.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/sys/unix/unveil_openbsd.go')
-rw-r--r--vendor/golang.org/x/sys/unix/unveil_openbsd.go51
1 files changed, 51 insertions, 0 deletions
diff --git a/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
new file mode 100644
index 0000000..cb7e598
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -0,0 +1,51 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import "fmt"
+
+// Unveil implements the unveil syscall.
+// For more information see unveil(2).
+// Note that the special case of blocking further
+// unveil calls is handled by UnveilBlock.
+func Unveil(path string, flags string) error {
+	if err := supportsUnveil(); err != nil {
+		return err
+	}
+	pathPtr, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	flagsPtr, err := BytePtrFromString(flags)
+	if err != nil {
+		return err
+	}
+	return unveil(pathPtr, flagsPtr)
+}
+
+// UnveilBlock blocks future unveil calls.
+// For more information see unveil(2).
+func UnveilBlock() error {
+	if err := supportsUnveil(); err != nil {
+		return err
+	}
+	return unveil(nil, nil)
+}
+
+// supportsUnveil checks for availability of the unveil(2) system call based
+// on the running OpenBSD version.
+func supportsUnveil() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	// unveil is not available before 6.4
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
+	}
+
+	return nil
+}