1// Copyright 2018 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package unix 6 7import "fmt" 8 9// Unveil implements the unveil syscall. 10// For more information see unveil(2). 11// Note that the special case of blocking further 12// unveil calls is handled by UnveilBlock. 13func Unveil(path string, flags string) error { 14 if err := supportsUnveil(); err != nil { 15 return err 16 } 17 pathPtr, err := BytePtrFromString(path) 18 if err != nil { 19 return err 20 } 21 flagsPtr, err := BytePtrFromString(flags) 22 if err != nil { 23 return err 24 } 25 return unveil(pathPtr, flagsPtr) 26} 27 28// UnveilBlock blocks future unveil calls. 29// For more information see unveil(2). 30func UnveilBlock() error { 31 if err := supportsUnveil(); err != nil { 32 return err 33 } 34 return unveil(nil, nil) 35} 36 37// supportsUnveil checks for availability of the unveil(2) system call based 38// on the running OpenBSD version. 39func supportsUnveil() error { 40 maj, min, err := majmin() 41 if err != nil { 42 return err 43 } 44 45 // unveil is not available before 6.4 46 if maj < 6 || (maj == 6 && min <= 3) { 47 return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min) 48 } 49 50 return nil 51} 52