use separate backend hooks with tighter pledge

2019-11-27 15:58:41 -05:00 · 2019-11-27 15:58:41 -05:00 · 5435dd1b3f
parent c77ef4636c
commit 5435dd1b3f
2 changed files with 6 additions and 1 deletions
--- a/backend.go
+++ b/backend.go
@ -73,6 +73,8 @@ func shrinkit(data []byte) (*image.Image, error) {
 	return res.Image, nil
 }
 var backendhooks []func()
 func backendServer() {
 	log.Printf("backend server running")
 	shrinker := new(Shrinker)
@ -92,7 +94,7 @@ func backendServer() {
 	if err != nil {
 		log.Panicf("unable to register shrinker: %s", err)
 	}
-	for _, h := range preservehooks {
+	for _, h := range backendhooks {
 		h()
 	}
 	srv.Accept(lis)
--- a/unveil.go
+++ b/unveil.go
@ -62,4 +62,7 @@ func init() {
 		C.unveil(nil, nil)
 		Pledge("stdio rpath wpath cpath flock dns inet unix")
 	})
 	backendhooks = append(backendhooks, func() {
 		Pledge("stdio unix")
 	})
 }