On Wed, Jul 24, 2019 at 09:46:09PM +0200, Klemens Nanni wrote:
> Pledge is not possible due to the ioctls, but as it hoists both the
> control socket and apm device early at startup and only ever possibly
> executes scripts under /etc/apm/, hiding the rest of the filesystem
> becomes easy.
>
> Technically, only "x" is required to traverse the directory and run
> scripts, but we carefully access(2) each script, and that requires the
> read bit regardless of the permission bits being tested.
>
> Runs fine in daily usage on my X230 with suspend and resume scripts.
>
> Feedback? OK?
Found this diff still in my tree.
Any takers?
Index: apmd.c
===================================================================
RCS file: /cvs/src/usr.sbin/apmd/apmd.c,v
retrieving revision 1.99
diff -u -p -r1.99 apmd.c
--- apmd.c 28 Sep 2020 21:35:14 -0000 1.99
+++ apmd.c 4 Oct 2020 14:31:10 -0000
@@ -490,6 +490,11 @@ main(int argc, char *argv[])
if (statonly)
exit(0);
+ if (unveil(_PATH_APM_ETC_DIR, "rx") == -1)
+ err(1, "unveil");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
+
set_driver_messages(ctl_fd, APM_PRINT_OFF);
kq = kqueue();
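Review bot: the two err(1, "unveil") calls in this hunk print identical messages, so a startup failure cannot be attributed to the _PATH_APM_ETC_DIR rule as opposed to the final unveil(NULL, NULL) lock; include the path in the first one, e.g. `err(1, "unveil %s", _PATH_APM_ETC_DIR);`. A one-line comment above the first call recording why "r" is part of the permission string (the access(2) check on each script needs the read bit, as the cover mail explains) would keep that reasoning next to the code instead of in the list archive.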