add pledge support to three constituents of i3 for wider testing:

i3 itself, i3-msg and i3-nagbar. Unfortunately, i3bar's design is incompatible with pledge. Tested by David Coppa (maintainer), Ralf Horstmann and myself. Thanks for the great feedback! ok dcoppa@
2015-12-21 10:16:03 +00:00 · 2015-12-21 10:16:03 +00:00 · da8b85fdce
commit da8b85fdce
parent 15b56a825a
3 changed files with 62 additions and 4 deletions
--- a/x11/i3/patches/patch-i3-msg_main_c
+++ b/x11/i3/patches/patch-i3-msg_main_c
@ -0,0 +1,18 @@
+$OpenBSD: patch-i3-msg_main_c,v 1.3 2015/12/21 10:16:03 tb Exp $
+
+pledge for i3-msg:
+rpath and unix needed for talking to the i3 socket in /tmp
+
+--- i3-msg/main.c.orig	Wed Sep 30 08:55:10 2015
+++ i3-msg/main.c	Sun Dec 20 14:42:51 2015
+@@ -119,6 +119,10 @@ static yajl_callbacks reply_callbacks = {
+ };
+ 
+ int main(int argc, char *argv[]) {
+#if defined(__OpenBSD__)
+    if (pledge("stdio rpath unix", NULL) == -1)
+        err(EXIT_FAILURE, "pledge");
+#endif
+     char *env_socket_path = getenv("I3SOCK");
+     if (env_socket_path)
+         socket_path = sstrdup(env_socket_path);
--- a/x11/i3/patches/patch-i3-nagbar_main_c
+++ b/x11/i3/patches/patch-i3-nagbar_main_c
@ -1,6 +1,14 @@
-$OpenBSD: patch-i3-nagbar_main_c,v 1.7 2015/10/04 08:48:12 dcoppa Exp $
+$OpenBSD: patch-i3-nagbar_main_c,v 1.8 2015/12/21 10:16:03 tb Exp $
+
+surprisingly wide pledge for this program
+
+"wpath cpath" for writing a script
+"rpath getpw" for checking access permissions
+"proc exec" for executing the script
+"unix" for talking to the i3 socket
+
 --- i3-nagbar/main.c.orig	Wed Sep 30 08:55:10 2015
-+++ i3-nagbar/main.c	Fri Oct  2 16:58:54 2015
+++ i3-nagbar/main.c	Sun Dec 20 15:00:22 2015
@@ -170,7 +170,7 @@ static void handle_button_release(xcb_connection_t *co
     }
 
@ -10,3 +18,15 @@ $OpenBSD: patch-i3-nagbar_main_c,v 1.7 2015/10/04 08:48:12 dcoppa Exp $
     printf("argv0 = %s\n", argv0);
     printf("terminal_cmd = %s\n", terminal_cmd);
 
+@@ -464,6 +464,11 @@ int main(int argc, char *argv[]) {
+ 
+     font = load_font(pattern, true);
+     set_font(&font);
+
+#if defined(__OpenBSD__)
+    if (pledge("stdio rpath wpath cpath getpw proc exec unix", NULL) == -1)
+        err(EXIT_FAILURE, "pledge");
+#endif
+ 
+     xcb_rectangle_t win_pos = get_window_position();
+ 
--- a/x11/i3/patches/patch-src_main_c
+++ b/x11/i3/patches/patch-src_main_c
@ -1,9 +1,15 @@
-$OpenBSD: patch-src_main_c,v 1.14 2015/12/18 15:53:09 dcoppa Exp $
+$OpenBSD: patch-src_main_c,v 1.15 2015/12/21 10:16:03 tb Exp $

 Bugfix: add keymap fall back (_XKB_RULES_NAMES, then defaults)

+add pledge:
+
+"stdio rpath unix" for talking to the i3 socket in /tmp
+"wpath cpath" are needed for the restart-in-place functionality
+"proc exec" for executing programs
+
 --- src/main.c.orig	Wed Sep 30 08:55:10 2015
-+++ src/main.c	Fri Dec 18 13:58:58 2015
+++ src/main.c	Sun Dec 20 14:58:54 2015
@@ -87,6 +87,7 @@ struct ws_assignments_head ws_assignments = TAILQ_HEAD
 
 /* We hope that those are supported and set them to true */
@ -20,3 +26,17 @@ Bugfix: add keymap fall back (_XKB_RULES_NAMES, then defaults)
     if (!extreply->present) {
         DLOG("xkb is not present on this server\n");
     } else {
+@@ -784,6 +786,13 @@ int main(int argc, char *argv[]) {
+         xcb_free_gc(conn, gc);
+         xcb_free_pixmap(conn, pixmap);
+     }
+
+#if defined(__OpenBSD__)
+    /* can't use pledge if shm* calls are used */
+    if (shmlog_size == 0)
+        if (pledge("stdio rpath wpath cpath proc exec unix", NULL) == -1)
+            err(EXIT_FAILURE, "pledge");
+#endif
+ 
+     struct sigaction action;
+