1
// Copyright 2016 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
15
// Pledge implements the pledge syscall.
17
// The pledge syscall does not accept execpromises on OpenBSD releases
20
// execpromises must be empty when Pledge is called on OpenBSD
21
// releases predating 6.3, otherwise an error will be returned.
23
// For more information see pledge(2).
24
func Pledge(promises, execpromises string) error {
25
maj, min, err := majmin()
30
err = pledgeAvailable(maj, min, execpromises)
35
pptr, err := syscall.BytePtrFromString(promises)
40
// This variable will hold either a nil unsafe.Pointer or
41
// an unsafe.Pointer to a string (execpromises).
42
var expr unsafe.Pointer
44
// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
45
if maj > 6 || (maj == 6 && min > 2) {
46
exptr, err := syscall.BytePtrFromString(execpromises)
50
expr = unsafe.Pointer(exptr)
53
_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
61
// PledgePromises implements the pledge syscall.
63
// This changes the promises and leaves the execpromises untouched.
65
// For more information see pledge(2).
66
func PledgePromises(promises string) error {
67
maj, min, err := majmin()
72
err = pledgeAvailable(maj, min, "")
77
// This variable holds the execpromises and is always nil.
78
var expr unsafe.Pointer
80
pptr, err := syscall.BytePtrFromString(promises)
85
_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
93
// PledgeExecpromises implements the pledge syscall.
95
// This changes the execpromises and leaves the promises untouched.
97
// For more information see pledge(2).
98
func PledgeExecpromises(execpromises string) error {
99
maj, min, err := majmin()
104
err = pledgeAvailable(maj, min, execpromises)
109
// This variable holds the promises and is always nil.
110
var pptr unsafe.Pointer
112
exptr, err := syscall.BytePtrFromString(execpromises)
117
_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
125
// majmin returns major and minor version number for an OpenBSD system.
126
func majmin() (major int, minor int, err error) {
133
major, err = strconv.Atoi(string(v.Release[0]))
135
err = errors.New("cannot parse major version number returned by uname")
139
minor, err = strconv.Atoi(string(v.Release[2]))
141
err = errors.New("cannot parse minor version number returned by uname")
148
// pledgeAvailable checks for availability of the pledge(2) syscall
149
// based on the running OpenBSD version.
150
func pledgeAvailable(maj, min int, execpromises string) error {
151
// If OpenBSD <= 5.9, pledge is not available.
152
if (maj == 5 && min != 9) || maj < 5 {
153
return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
156
// If OpenBSD <= 6.2 and execpromises is not empty,
157
// return an error - execpromises is not available before 6.3
158
if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
159
return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)