| author | Jon duSaint | 2022-07-16 17:01:09 -0700 |
|---|---|---|
| committer | Jon duSaint | 2022-07-16 17:01:09 -0700 |
| commit | d77975cb1c7b9ed5571fc1e700a3a4e281b0a47d (patch) | |
| tree | 49c777d52b0727e724687eec9f22b6f56f03bdd9 | |
| parent | 3bb65296f206357a8df38c5bd8af1882863b4598 (diff) | |
reolink: rearrange sandbox code so it works with daemonize
| -rwxr-xr-x | reolink/reolink | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/reolink/reolink b/reolink/reolink
index 369f2b1..d950852 100755
--- a/reolink/reolink
+++ b/reolink/reolink
@@ -180,7 +180,7 @@ sub open_socket {
 debug ("open($global_config->{socket})");
 unlink $global_config->{socket};
 my $umask = umask 0117; # rw-rw----
- bind ($server_socket, sockaddr_un ($global_config->{socket})) || die "bind error: $!";
+ bind ($server_socket, sockaddr_un ($global_config->{socket})) || die "bind error($global_config->{socket}): $!";
 umask $umask;
 listen ($server_socket, SOMAXCONN) || die "listen error: $!";
 $server_socket;
@@ -378,24 +378,26 @@ sub run { main::load_params (\%server_params); - chdir ($server_params{spool_dir}) || die "chdir($server_params{spool_dir}): $!"; - - unveil ($server_params{spool_dir}, 'rwxc') || die "unveil($server_params{spool_dir}): $!"; - unveil ($global_config->{socket}, 'rwc') || die "unveil($global_config->{socket}): $!"; - unveil ($global_config->{config}, 'rw') || die "unveil($global_config->{config}): $!"; - unveil ($saved_argv[0], 'rx') || die "unveil($saved_argv[0]): $!"; - unveil ('/etc/protocols', 'r') || die "unveil(/etc/protocols): $!"; # HTTP::Tiny - unveil ('/etc/localtime', 'r') || die "unveil(/etc/localtime): $!"; # localtime - unveil ('/usr/share/zoneinfo', 'rx') || die "unveil (/usr/share/zoneinfo): $!"; # localtime - unveil () || die "failed to lock unveil: $!"; - unless ($debug) { - pledge (qw/rpath wpath cpath inet proc unix/) or die "Failed to pledge: $!"; - openlog ('reolinkd', 'PID', LOG_DAEMON); + pledge (qw/rpath wpath cpath inet proc unix unveil/) or die "Failed to pledge: $!"; + openlog ('reolink', 'PID', LOG_DAEMON); $SIG{__DIE__} = sub { syslog (LOG_CRIT, "fatal: @_") }; + daemonize; + + unveil ($server_params{spool_dir}, 'rwxc') || die "unveil($server_params{spool_dir}): $!"; + unveil ($global_config->{socket}, 'rwc') || die "unveil($global_config->{socket}): $!"; + unveil ($global_config->{config}, 'rw') || die "unveil($global_config->{config}): $!"; + unveil ($saved_argv[0], 'rx') || die "unveil($saved_argv[0]): $!"; + unveil ('/etc/protocols', 'r') || die "unveil(/etc/protocols): $!"; # HTTP::Tiny + unveil ('/etc/localtime', 'r') || die "unveil(/etc/localtime): $!"; # localtime + unveil ('/usr/share/zoneinfo', 'rx') || die "unveil (/usr/share/zoneinfo): $!"; # localtime + unveil () || die "failed to lock unveil: $!"; } + make_path ($server_params{spool_dir}, { mode => 0755 }) unless -d $server_params{spool_dir}; + chdir ($server_params{spool_dir}) || die "chdir($server_params{spool_dir}): $!"; + $SIG{HUP} = 
\&server_reload; $SIG{INT} = \&server_terminate; $SIG{TERM} = \&server_terminate; |
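Review bot: The `unveil` calls now sit inside `unless ($debug) { ... }`, so a debug run is no longer restricted to the spool directory, socket, config file and the listed system paths, whereas the removed lines applied unveil in both modes. The list is also locked with `unveil ()` before `make_path` runs, so creating a missing spool directory depends on unveil having accepted a path whose last component does not exist yet, and it presumably fails outright when a parent directory is missing as well. Consider leaving only `pledge`, `openlog`, the `__DIE__` handler and `daemonize` in the non-debug block and moving the unveil list below the `make_path`/`chdir` pair, so both modes are confined and the directory exists before the filesystem view is locked. `sub run` starts before this hunk and continues after it, so whether anything later in the function needs a path outside the unveiled set cannot be checked from here.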
