README
¶
godrop - drop privileges
Godrop is a simple library to drop privileges on Linux and OpenBSD.
See the examples directory on how to use the Drop and MultiDrop functions.
Documentation
¶
Overview ¶
Package godrop provides a simple library to drop privileges on Linux and OpenBSD.
Index ¶
- func Drop(c Config, f func() (net.Listener, error)) error
- func GetListener() (net.Listener, error)
- func GetListenerFd(fd int) (net.Listener, error)
- func MultiDrop(c Config, f func() ([]net.Listener, error)) error
- func Pledge(promises, execpromises string) error
- func PledgeExecpromises(execpromises string) error
- func PledgePromises(promises string) error
- func Unveil(path, flags string) error
- func UnveilBlock() error
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetListener ¶
GetListener returns the listener socket of file descriptor 3
func GetListenerFd ¶
GetListenerFd returns the listener socket of the given file descriptor
func PledgeExecpromises ¶ added in v2.1.0
PledgeExecPromises is currently only supported on OpenBSD.
func PledgePromises ¶ added in v2.1.0
PledgePromises is currently only supported on OpenBSD.
func UnveilBlock ¶ added in v2.1.0
func UnveilBlock() error
UnveilBlock is currently only supported on OpenBSD.
Types ¶
type Config ¶
type Config struct {
// User is the user to drop privileges to.
User string
// Group is the group to drop privileges to.
Group string
// Chroot is the directory to chroot into. Leave this emptry for no chroot.
// When compiling without cgo, make sure the chroot directory contains the /etc/passwd and /etc/group files.
Chroot string
// Set to true, to run the process in the foreground.
Foreground bool
}
Config represents the drop config
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.