This egg provides unveil(2) support for CHICKEN on systems that provide it. unveil is a system call which allows the programmer to restrict a process's access to parts of the filesystem.
- unveil path perm-stringprocedure
unveils the path denoted by the string path using the permissions described by perm-string. This hides all parts of the filesystem from further filesystem-related operations, except for the specified path.
perm-string is a string of zero or more of the following characters giving the indicated permissions on path:
- Make path available for read operations.
- Make path available for write operations.
- Make path available for execute operations.
- Allow path to be created and removed.
This is equivalent to the C call unveil(path, perm-string). See the unveil(2) man page for more details.
Disable future calls to unveil. Any future calls will cause an error to be signaled. Equivalent to (unveil #f #f).
The following restricts the process to read/write access to the current directory only. It is wrapped in a cond-expand which ensures that it is only executed if unveil(2) support is available (currently, only on OpenBSD).
(import (chicken process-context)) (cond-expand (openbsd (begin (import (unveil)) (unveil (current-directory) "rw") (unveil-lock))) (else #t))
About This Egg
Wolfgang Corcoran-Mathe <wcm at sigwinch dot xyzzy without the zy>
- Initial release (2020-11-20)
- Improved errors (2020-11-22)
© 2020 Wolfgang Corcoran-Mathe
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.