Download raw body.
got patch: pledge early
On Mon, Jul 25, 2022 at 09:05:02PM +0200, Omar Polo wrote: > i thought it may made sense to pledge early here. > > "rpath wpath cpath" cannot be dropped as we don't know in advance if the > patch will require us to create a new file, and we need to create some > temp. files anyway even in nop mode. in theory maybe we could spawn the > helpers early and drop "proc exec", but i'm still unsure if it's > feasible. ('got patch' requires at least got-read-blob, plus the access > to the fileindex. in the future if we add a -c flag to specify a commit > at which apply the diff it'll require more libexecs) Yes, fine. Most commands call pledge after parsing options, but some already do it before calling getopt() (e.g. cmd_diff). The earlier, the better I guess. > diff /home/op/w/got > commit - 595228385f8c74590756ff446d5b84aad0ebfda7 > path + /home/op/w/got > blob - df883fd1dcb28651677ef268c491f878e506e7fe > file + got/got.c > --- got/got.c > +++ got/got.c > @@ -7948,6 +7948,12 @@ cmd_patch(int argc, char *argv[]) > int patchfd; > int *pack_fds = NULL; > > +#ifndef PROFILE > + if (pledge("stdio rpath wpath cpath fattr proc exec sendfd flock " > + "unveil", NULL) == -1) > + err(1, "pledge"); > +#endif > + > while ((ch = getopt(argc, argv, "np:R")) != -1) { > switch (ch) { > case 'n': > @@ -8015,12 +8021,6 @@ cmd_patch(int argc, char *argv[]) > if (error != NULL) > goto done; > > -#ifndef PROFILE > - if (pledge("stdio rpath wpath cpath fattr proc exec sendfd flock", > - NULL) == -1) > - err(1, "pledge"); > -#endif > - > error = got_patch(patchfd, worktree, repo, nop, strip, reverse, > &patch_progress, NULL, check_cancelled, NULL); > > >
got patch: pledge early