On Wed, Nov 08, 2023 at 03:11:33PM +0100, Landry Breuil wrote:
> Le Wed, Nov 08, 2023 at 02:56:53PM +0100, Landry Breuil a écrit :
> > if you want to go down that road, barring any glib madness about various
> > ~/.cache or .local stuff, upower itself should only need wc on
> > /var/db/upower/
>
> bah, spoke too fast, it also needs var/run/dbus to talk to the
> systemwide dbus daemon:
>
> + if (unveil("/", "r") == -1)
> + err(1, "unveil /");
> + if (unveil("/var/run/dbus/", "rw") == -1)
> + err(1, "unveil /var/run/dbus");
> + if (unveil("/var/db/upower", "rwc") == -1)
> + err(1, "unveil /var/db/upower");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil NULL");
>
> with that it seems to work here.
I welcome this direction, but haven't gone through the code yet wrt.
read/write/create file access -- not as easy as hunting for x bits,
as you also demonstrated.
If consense is to use unveil() here, I'd be happy to start with a diff
like mine and iterate.
No comments:
Post a Comment