mirrors/wireproxy
1
0
Fork 0
mirror of https://github.com/whyvl/wireproxy.git synced 2025-04-29 19:01:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix crash when landlock ABI is outdated

Browse source
This commit is contained in:
pufferffish 2024-04-13 02:33:43 +01:00
parent f54319b736
commit d40aa7f725
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cmd/wireproxy/main.go
View file

@ -62,7 +62,7 @@ func lock(stage string) {
// also remove unveil permission to lock unveil // also remove unveil permission to lock unveil
pledgeOrPanic("stdio rpath inet dns proc exec") pledgeOrPanic("stdio rpath inet dns proc exec")
// Linux // Linux
panicIfError(landlock.V4.BestEffort().RestrictPaths( panicIfError(landlock.V1.BestEffort().RestrictPaths(
landlock.RODirs("/"), landlock.RODirs("/"),
)) ))
case "boot-daemon": case "boot-daemon":
@ -75,7 +75,7 @@ func lock(stage string) {
pledgeOrPanic("stdio inet dns") pledgeOrPanic("stdio inet dns")
// Linux // Linux
net.DefaultResolver.PreferGo = true // needed to lock down dependencies net.DefaultResolver.PreferGo = true // needed to lock down dependencies
panicIfError(landlock.V4.BestEffort().RestrictPaths( panicIfError(landlock.V1.BestEffort().RestrictPaths(
landlock.ROFiles("/etc/resolv.conf"), landlock.ROFiles("/etc/resolv.conf"),
landlock.ROFiles("/dev/fd"), landlock.ROFiles("/dev/fd"),
landlock.ROFiles("/dev/zero"), landlock.ROFiles("/dev/zero"),
@ -136,7 +136,7 @@ func lockNetwork(sections []wireproxy.RoutineSpawner, infoAddr *string) {
} }
} }
panicIfError(landlock.V4.RestrictNet(rules...)) panicIfError(landlock.V4.BestEffort().RestrictNet(rules...))
} }
func main() { func main() {