From 499bf6dd192a5fc9049c6af9b4ed7f6359aecd51 Mon Sep 17 00:00:00 2001
From: apio <blobs.trading@gmail.com>
Date: Wed, 11 Dec 2024 19:56:40 +0100
Subject: [PATCH] gui+system: Add pledges to loginui and startui

---
 gui/loginui.cpp    | 3 +++
 system/startui.cpp | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/gui/loginui.cpp b/gui/loginui.cpp
index fd81b0b2..a81b167c 100644
--- a/gui/loginui.cpp
+++ b/gui/loginui.cpp
@@ -14,6 +14,7 @@
 #include <os/FileSystem.h>
 #include <os/IPC.h>
 #include <os/Process.h>
+#include <os/Security.h>
 #include <pwd.h>
 #include <shadow.h>
 #include <sys/stat.h>
@@ -45,6 +46,8 @@ Result<int> luna_main(int argc, char** argv)
         return 1;
     }
 
+    TRY(os::Security::pledge("stdio rpath wpath proc exec id", nullptr));
+
     setsid();
 
     bool success = os::IPC::Notifier::run_and_wait(
diff --git a/system/startui.cpp b/system/startui.cpp
index 86f9ae88..35307fb6 100644
--- a/system/startui.cpp
+++ b/system/startui.cpp
@@ -15,6 +15,7 @@
 #include <os/IPC.h>
 #include <os/Main.h>
 #include <os/Process.h>
+#include <os/Security.h>
 #include <pwd.h>
 #include <stdlib.h>
 #include <sys/stat.h>
@@ -67,6 +68,8 @@ Result<int> luna_main(int argc, char** argv)
     parser.add_value_argument(username, 'u', "user", "the user to start the UI session as");
     parser.parse(argc, argv);
 
+    TRY(os::Security::pledge("stdio rpath wpath cpath proc exec id", nullptr));
+
     if (geteuid() != 0)
     {
         os::eprintln("error: %s can only be started as root.", argv[0]);