Overview

File yggdrasil-no-openbsd-unveil-1.patch of Package yggdrasil-go

From 1f464b23510924d9977c8088c3fd13207c4e377e Mon Sep 17 00:00:00 2001
From: Oleg Girko <ol@infoserver.lv>
Date: Wed, 25 Dec 2024 17:58:56 +0000
Subject: [PATCH] Revert "Use unveil(2) on OpenBSD (#1194)"

This introduces unnecessary dependency that is meaningless in Linux.

This reverts commit 83ec58afc763ff89d9664876ed2e95fb5842985a.
---
 cmd/yggdrasil/main.go | 16 ----------------
 go.mod                |  1 -
 go.sum                |  2 --
 3 files changed, 19 deletions(-)

diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go
index e430250..f877c25 100644
--- a/cmd/yggdrasil/main.go
+++ b/cmd/yggdrasil/main.go
@@ -14,8 +14,6 @@ import (
 	"strings"
 	"syscall"
 
-	"suah.dev/protect"
-
 	"github.com/gologme/log"
 	gsyslog "github.com/hashicorp/go-syslog"
 	"github.com/hjson/hjson-go/v4"
@@ -41,20 +39,6 @@ type node struct {
 
 // The main function is responsible for configuring and starting Yggdrasil.
 func main() {
-	// Not all operations are coverable with pledge(2), so immediately
-	// limit file system access with unveil(2), effectively preventing
-	// "proc exec" promises right from the start:
-	//
-	// - read arbitrary config file
-	// - create/write arbitrary log file
-	// - read/write/chmod/remove admin socket, if at all
-	if err := protect.Unveil("/", "rwc"); err != nil {
-		panic(fmt.Sprintf("unveil: / rwc: %v", err))
-	}
-	if err := protect.UnveilBlock(); err != nil {
-		panic(fmt.Sprintf("unveil: %v", err))
-	}
-
 	genconf := flag.Bool("genconf", false, "print a new config to stdout")
 	useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin")
 	useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path")
diff --git a/go.mod b/go.mod
index cae8554..ecc0635 100644
--- a/go.mod
+++ b/go.mod
@@ -44,5 +44,4 @@ require (
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/vishvananda/netns v0.0.5 // indirect
-	suah.dev/protect v1.2.4
 )
diff --git a/go.sum b/go.sum
index 37b7e1b..cd03778 100644
--- a/go.sum
+++ b/go.sum
@@ -128,7 +128,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
-suah.dev/protect v1.2.4 h1:iVZG/zQB63FKNpITDYM/cXoAeCTIjCiXHuFVByJFDzg=
-suah.dev/protect v1.2.4/go.mod h1:vVrquYO3u1Ep9Ez2z8x+6N6/czm+TBmWKZfiXU2tb54=
 nhooyr.io/websocket v1.8.17 h1:KEVeLJkUywCKVsnLIDlD/5gtayKp8VoCkksHCGGfT9Y=
 nhooyr.io/websocket v1.8.17/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
-- 
2.47.1
Places