summaryrefslogtreecommitdiff
path: root/util/libreboot-utils/nvmutil.c
diff options
context:
space:
mode:
Diffstat (limited to 'util/libreboot-utils/nvmutil.c')
-rw-r--r--util/libreboot-utils/nvmutil.c30
1 files changed, 21 insertions, 9 deletions
diff --git a/util/libreboot-utils/nvmutil.c b/util/libreboot-utils/nvmutil.c
index 66e47ec8..09801585 100644
--- a/util/libreboot-utils/nvmutil.c
+++ b/util/libreboot-utils/nvmutil.c
@@ -38,10 +38,14 @@ main(int argc, char *argv[])
(void) errhook(exit_cleanup);
+#ifdef __OpenBSD
/* https://man.openbsd.org/pledge.2 */
/* https://man.openbsd.org/unveil.2 */
- xpledgex("stdio flock rpath wpath cpath unveil", NULL);
- xunveilx("/dev/urandom", "r");
+ if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1)
+ exitf("pledge");
+ if (unveil("/dev/urandom", "r") == -1)
+ exitf("unveil");
+#endif
#ifndef S_ISREG
exitf(
@@ -62,14 +66,22 @@ main(int argc, char *argv[])
cmd = &x->cmd[x->i];
f = &x->f;
- if ((cmd->flags & O_ACCMODE) == O_RDONLY)
- xunveilx(f->fname, "r");
- else
- xunveilx(f->fname, "rwc");
+#ifdef __OpenBSD__
+ if ((cmd->flags & O_ACCMODE) == O_RDONLY) {
+ if (unveil(f->fname, "r") == -1)
+ exitf("unveil");
+ } else {
+ if (unveil(f->fname, "rwc") == -1)
+ exitf("unveil");
+ }
- xunveilx(f->tname, "rwc");
- xunveilx(NULL, NULL);
- xpledgex("stdio flock rpath wpath cpath", NULL);
+ if (unveil(f->tname, "rwc") == -1)
+ exitf("unveil");
+ if (unveil(NULL, NULL) == -1)
+ exitf("unveil");
+ if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
+ exitf("pledge");
+#endif
if (cmd->run == NULL)
exitf("Command not set");
generated by cgit v1.2.1 (git 2.18.0) at 2026-04-21 16:37:36 +0000