Pledge is not possible due to the ioctls, but as it hoists both the
control socket and apm device early at startup and only ever possibly
executes scripts under /etc/apm/, hiding the rest of the filesystem
becomes easy.

Technically, only "x" is required to traverse the directory and run
scripts, but we carefully access(2) each script, and that requires the
read bit regardless of the permission bits being tested.

Feedback? OK?

Runs fine in daily usage on my X230 with suspend and resume scripts.

Index: apmd.c
===================================================================
RCS file: /cvs/src/usr.sbin/apmd/apmd.c,v
retrieving revision 1.86
diff -u -p -r1.86 apmd.c
--- apmd.c      22 Jul 2019 08:06:52 -0000      1.86
+++ apmd.c      22 Jul 2019 08:07:17 -0000
@@ -483,6 +483,11 @@ main(int argc, char *argv[])
        if (statonly)
                exit(0);
 
+       if (unveil(_PATH_APM_ETC_DIR, "rx") == -1)
+               err(1, "unveil");
+       if (unveil(NULL, NULL) == -1)
+               err(1, "unveil");
+
        set_driver_messages(ctl_fd, APM_PRINT_OFF);
 
        kq = kqueue();
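Review bot: with only _PATH_APM_ETC_DIR unveiled "rx" and then unveil(NULL, NULL) locking the view, confirm that the scripts under /etc/apm/ still exec: a script that starts with a #! line resolves an interpreter outside the unveiled directory, and if the scripts are run through a shell binary rather than execve'd directly, that binary needs its own "x" unveil. In the same spirit, check that nothing later in main() or at shutdown touches a path outside /etc/apm/ (a pid file, unlinking the control socket path) since such calls will now fail with ENOENT. A smaller point: both failures report the same err(1, "unveil"); include the path in the first, e.g. err(1, "unveil %s", _PATH_APM_ETC_DIR), so a startup failure names what could not be unveiled.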
