gui+system: Add pledges to loginui and startui
All checks were successful
Build and test / build (push) Successful in 1m46s

This commit is contained in:
apio 2024-12-11 19:56:40 +01:00
parent 94e7dde8af
commit 499bf6dd19
Signed by: apio
GPG Key ID: B8A7D06E42258954
2 changed files with 6 additions and 0 deletions

View File

@ -14,6 +14,7 @@
#include <os/FileSystem.h> #include <os/FileSystem.h>
#include <os/IPC.h> #include <os/IPC.h>
#include <os/Process.h> #include <os/Process.h>
#include <os/Security.h>
#include <pwd.h> #include <pwd.h>
#include <shadow.h> #include <shadow.h>
#include <sys/stat.h> #include <sys/stat.h>
@ -45,6 +46,8 @@ Result<int> luna_main(int argc, char** argv)
return 1; return 1;
} }
TRY(os::Security::pledge("stdio rpath wpath proc exec id", nullptr));
setsid(); setsid();
bool success = os::IPC::Notifier::run_and_wait( bool success = os::IPC::Notifier::run_and_wait(

View File

@ -15,6 +15,7 @@
#include <os/IPC.h> #include <os/IPC.h>
#include <os/Main.h> #include <os/Main.h>
#include <os/Process.h> #include <os/Process.h>
#include <os/Security.h>
#include <pwd.h> #include <pwd.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/stat.h> #include <sys/stat.h>
@ -67,6 +68,8 @@ Result<int> luna_main(int argc, char** argv)
parser.add_value_argument(username, 'u', "user", "the user to start the UI session as"); parser.add_value_argument(username, 'u', "user", "the user to start the UI session as");
parser.parse(argc, argv); parser.parse(argc, argv);
TRY(os::Security::pledge("stdio rpath wpath cpath proc exec id", nullptr));
if (geteuid() != 0) if (geteuid() != 0)
{ {
os::eprintln("error: %s can only be started as root.", argv[0]); os::eprintln("error: %s can only be started as root.", argv[0]);