| // Copyright 2018 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package unix |
| |
| import "fmt" |
| |
| // Unveil implements the unveil syscall. |
| // For more information see unveil(2). |
| // Note that the special case of blocking further |
| // unveil calls is handled by UnveilBlock. |
| func Unveil(path string, flags string) error { |
| if err := supportsUnveil(); err != nil { |
| return err |
| } |
| pathPtr, err := BytePtrFromString(path) |
| if err != nil { |
| return err |
| } |
| flagsPtr, err := BytePtrFromString(flags) |
| if err != nil { |
| return err |
| } |
| return unveil(pathPtr, flagsPtr) |
| } |
| |
| // UnveilBlock blocks future unveil calls. |
| // For more information see unveil(2). |
| func UnveilBlock() error { |
| if err := supportsUnveil(); err != nil { |
| return err |
| } |
| return unveil(nil, nil) |
| } |
| |
| // supportsUnveil checks for availability of the unveil(2) system call based |
| // on the running OpenBSD version. |
| func supportsUnveil() error { |
| maj, min, err := majmin() |
| if err != nil { |
| return err |
| } |
| |
| // unveil is not available before 6.4 |
| if maj < 6 || (maj == 6 && min <= 3) { |
| return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min) |
| } |
| |
| return nil |
| } |