1 // Copyright 2018 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4 5 package unix
6 7 import "fmt"
8 9 // Unveil implements the unveil syscall.
10 // For more information see unveil(2).
11 // Note that the special case of blocking further
12 // unveil calls is handled by UnveilBlock.
13 func Unveil(path string, flags string) error {
14 if err := supportsUnveil(); err != nil {
15 return err
16 }
17 pathPtr, err := BytePtrFromString(path)
18 if err != nil {
19 return err
20 }
21 flagsPtr, err := BytePtrFromString(flags)
22 if err != nil {
23 return err
24 }
25 return unveil(pathPtr, flagsPtr)
26 }
27 28 // UnveilBlock blocks future unveil calls.
29 // For more information see unveil(2).
30 func UnveilBlock() error {
31 if err := supportsUnveil(); err != nil {
32 return err
33 }
34 return unveil(nil, nil)
35 }
36 37 // supportsUnveil checks for availability of the unveil(2) system call based
38 // on the running OpenBSD version.
39 func supportsUnveil() error {
40 maj, min, err := majmin()
41 if err != nil {
42 return err
43 }
44 45 // unveil is not available before 6.4
46 if maj < 6 || (maj == 6 && min <= 3) {
47 return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
48 }
49 50 return nil
51 }
52