add unveil

author: Vincent Douillet <vincent@vdouillet.fr> 2023-09-21 15:12:44 +0200
committer: Vincent Douillet <vincent@vdouillet.fr> 2023-09-21 15:12:44 +0200
commit: 9487ad2ef9c7b67511e04bb6b9c31f30fdc3e87c (patch)
tree: 2eecde44c3e4c8969954a5a788eb510a0a466579
parent: 3ce346efc3211c214c8953c43f936a2da40abd92 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/main.c b/main.c
index 4ad1bf6..a9a9c5c 100644
--- a/main.c
+++ b/main.c
@@ -65,6 +65,8 @@ main(void)
 			  kcgi_strerror(parse_err));
 
 	/* A bit of security cannot hurt */
+	if (-1 == unveil(DATA_DIR, "r") || -1 == unveil(NULL, NULL))
+		http_exit(&r, KHTTP_500, "Unveil failed: %s", strerror(errno));
 	if (-1 == pledge("stdio rpath wpath cpath", NULL))
 		http_exit(&r, KHTTP_500, "Pledge failed: %s", strerror(errno));
author	Vincent Douillet <vincent@vdouillet.fr>	2023-09-21 15:12:44 +0200
committer	Vincent Douillet <vincent@vdouillet.fr>	2023-09-21 15:12:44 +0200
commit	9487ad2ef9c7b67511e04bb6b9c31f30fdc3e87c (patch)
tree	2eecde44c3e4c8969954a5a788eb510a0a466579
parent	3ce346efc3211c214c8953c43f936a2da40abd92 (diff)