diff options
| author |   benno <benno@openbsd.org> | 2019-02-10 23:43:31 +0000 |
|---|---|---|
| committer | benno <benno@openbsd.org> | 2019-02-10 23:43:31 +0000 |
| commit | 4c278a6261078244e0bf79f088383b02d0672d58 (patch) | |
| tree | 1a8a45121adae399c6929d8c4266270d9e95758f | |
| parent | fix whitespace (diff) | |
| download | wireguard-openbsd-4c278a6261078244e0bf79f088383b02d0672d58.tar.xz wireguard-openbsd-4c278a6261078244e0bf79f088383b02d0672d58.zip | |
canonical order of pledge()s.
stop at 80 char line lenght.
| -rw-r--r-- | usr.bin/rsync/main.c | 19 | ||||
| -rw-r--r-- | usr.bin/rsync/receiver.c | 4 | ||||
| -rw-r--r-- | usr.bin/rsync/sender.c | 4 | ||||
| -rw-r--r-- | usr.bin/rsync/socket.c | 6 |
4 files changed, 18 insertions, 15 deletions
diff --git a/usr.bin/rsync/main.c b/usr.bin/rsync/main.c index 506c031ac01..44129c2dc85 100644 --- a/usr.bin/rsync/main.c +++ b/usr.bin/rsync/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.2 2019/02/10 23:24:14 benno Exp $ */ +/* $Id: main.c,v 1.3 2019/02/10 23:43:31 benno Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -296,7 +296,8 @@ main(int argc, char *argv[]) /* Global pledge. */ - if (-1 == pledge("dns inet unveil exec stdio rpath wpath cpath proc fattr", NULL)) + if (-1 == pledge("stdio rpath wpath cpath inet fattr dns proc exec " + "unveil", NULL)) err(EXIT_FAILURE, "pledge"); memset(&opts, 0, sizeof(struct opts)); @@ -353,7 +354,7 @@ main(int argc, char *argv[]) */ if (opts.server) { - if (-1 == pledge("unveil rpath cpath wpath stdio fattr", NULL)) + if (-1 == pledge("stdio rpath wpath cpath fattr unveil", NULL)) err(EXIT_FAILURE, "pledge"); c = rsync_server(&opts, (size_t)argc, argv); return c ? EXIT_SUCCESS : EXIT_FAILURE; @@ -380,7 +381,8 @@ main(int argc, char *argv[]) if (fargs->remote) { assert(FARGS_RECEIVER == fargs->mode); - if (-1 == pledge("dns inet unveil stdio rpath wpath cpath fattr", NULL)) + if (-1 == pledge("stdio rpath wpath cpath inet fattr dns " + "unveil", NULL)) err(EXIT_FAILURE, "pledge"); c = rsync_socket(&opts, fargs); fargs_free(fargs); @@ -389,7 +391,8 @@ main(int argc, char *argv[]) /* Drop the dns/inet possibility. */ - if (-1 == pledge("unveil exec stdio rpath wpath cpath proc fattr", NULL)) + if (-1 == pledge("stdio rpath wpath cpath fattr proc exec unveil", + NULL)) err(EXIT_FAILURE, "pledge"); /* Create a bidirectional socket and start our child. */ @@ -407,13 +410,13 @@ main(int argc, char *argv[]) /* Drop the fork possibility. */ - if (-1 == pledge("unveil exec stdio rpath wpath cpath fattr", NULL)) + if (-1 == pledge("stdio rpath wpath cpath fattr exec unveil", NULL)) err(EXIT_FAILURE, "pledge"); if (0 == child) { close(fds[0]); fds[0] = -1; - if (-1 == pledge("exec stdio", NULL)) + if (-1 == pledge("stdio exec", NULL)) err(EXIT_FAILURE, "pledge"); rsync_child(&opts, fds[1], fargs); /* NOTREACHED */ @@ -421,7 +424,7 @@ main(int argc, char *argv[]) close(fds[1]); fds[1] = -1; - if (-1 == pledge("unveil rpath cpath wpath stdio fattr", NULL)) + if (-1 == pledge("stdio rpath wpath cpath fattr unveil", NULL)) err(EXIT_FAILURE, "pledge"); c = rsync_client(&opts, fds[0], fargs); fargs_free(fargs); diff --git a/usr.bin/rsync/receiver.c b/usr.bin/rsync/receiver.c index 594de55b641..2ce39b2a7b5 100644 --- a/usr.bin/rsync/receiver.c +++ b/usr.bin/rsync/receiver.c @@ -1,4 +1,4 @@ -/* $Id: receiver.c,v 1.2 2019/02/10 23:24:14 benno Exp $ */ +/* $Id: receiver.c,v 1.3 2019/02/10 23:43:31 benno Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -58,7 +58,7 @@ rsync_receiver(struct sess *sess, struct upload *ul = NULL; mode_t oumask; - if (-1 == pledge("unveil rpath cpath wpath stdio fattr", NULL)) { + if (-1 == pledge("stdio rpath wpath cpath fattr unveil", NULL)) { ERR(sess, "pledge"); goto out; } diff --git a/usr.bin/rsync/sender.c b/usr.bin/rsync/sender.c index e8f2f8f5552..ddb82373d17 100644 --- a/usr.bin/rsync/sender.c +++ b/usr.bin/rsync/sender.c @@ -1,4 +1,4 @@ -/* $Id: sender.c,v 1.2 2019/02/10 23:24:14 benno Exp $ */ +/* $Id: sender.c,v 1.3 2019/02/10 23:43:31 benno Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -43,7 +43,7 @@ rsync_sender(struct sess *sess, int fdin, int32_t idx; struct blkset *blks = NULL; - if (-1 == pledge("unveil stdio rpath", NULL)) { + if (-1 == pledge("stdio rpath unveil", NULL)) { ERR(sess, "pledge"); return 0; } diff --git a/usr.bin/rsync/socket.c b/usr.bin/rsync/socket.c index c3fcd82db87..fd323d74f54 100644 --- a/usr.bin/rsync/socket.c +++ b/usr.bin/rsync/socket.c @@ -1,4 +1,4 @@ -/* $Id: socket.c,v 1.2 2019/02/10 23:24:14 benno Exp $ */ +/* $Id: socket.c,v 1.3 2019/02/10 23:43:31 benno Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -268,7 +268,7 @@ rsync_socket(const struct opts *opts, const struct fargs *f) /* Drop the DNS pledge. */ - if (-1 == pledge("inet unveil rpath cpath wpath stdio fattr", NULL)) { + if (-1 == pledge("stdio rpath wpath cpath fattr inet unveil", NULL)) { ERR(&sess, "pledge"); goto out; } @@ -290,7 +290,7 @@ rsync_socket(const struct opts *opts, const struct fargs *f) /* Drop the inet pledge. */ - if (-1 == pledge("unveil rpath cpath wpath stdio fattr", NULL)) { + if (-1 == pledge("stdio rpath wpath cpath fattr unveil", NULL)) { ERR(&sess, "pledge"); goto out; } |