{"id":22138197,"url":"https://github.com/andinus/lynx","last_synced_at":"2026-05-02T15:34:57.849Z","repository":{"id":97564354,"uuid":"253421393","full_name":"andinus/lynx","owner":"andinus","description":"Lynx is a simple unveil \u0026 pledge wrapper","archived":false,"fork":false,"pushed_at":"2021-01-17T13:59:18.000Z","size":18,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-29T15:50:43.068Z","etag":null,"topics":["openbsd","openbsd-pledge","pledge","unveil"],"latest_commit_sha":null,"homepage":"https://andinus.nand.sh/lynx","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andinus.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-06T07:08:37.000Z","updated_at":"2021-12-13T15:17:13.000Z","dependencies_parsed_at":"2024-06-20T07:45:35.726Z","dependency_job_id":null,"html_url":"https://github.com/andinus/lynx","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andinus%2Flynx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andinus%2Flynx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andinus%2Flynx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andinus%2Flynx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andinus","download_url":"https://codeload.github.com/andinus/lynx/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245251054,"owners_count":20584821,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openbsd","openbsd-pledge","pledge","unveil"],"created_at":"2024-12-01T20:09:00.796Z","updated_at":"2026-05-02T15:34:57.798Z","avatar_url":"https://github.com/andinus.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"#+SETUPFILE: ~/.emacs.d/org-templates/projects.org\n#+EXPORT_FILE_NAME: index\n#+OPTIONS: toc:2\n#+TITLE: Lynx\n\nLynx is a simple /unveil/ \u0026 /pledge/ wrapper. It returns /nil/ on unsupported systems,\ncurrently only /OpenBSD/ is supported.\n\n| Project Home    | [[https://andinus.nand.sh/lynx][Lynx]]           |\n| Source Code     | [[https://git.tilde.institute/andinus/lynx][Andinus / Lynx]] |\n| GitHub (Mirror) | [[https://github.com/andinus/lynx][Lynx - GitHub]]  |\n\n* Why use lynx?\n- *UnveilPaths* \u0026 *UnveilCommands*: /unix/ package provides simple Unveil syscalls so\n  this is useful because you don't have to write these functions yourself\n  manually in every project.\n\n- /lynx/ manages build flags for you, which means that /lynx/ will return nil on\n  unsupported systems whereas you have handle that yourself in /unix/ package.\n\n*Note*: Unveil, UnveilPaths \u0026 UnveilCommands ignore some errors, look at examples\nbefore using them.\n* Examples\n** UnveilPaths / UnveilPathsStrict\nUnveilPaths takes a map of path, permission \u0026 unveils them one by one, it will\nreturn an error if unveil fails at any step. \"no such file or directory\" error\nis ignored, if you want to get that error too then use UnveilPathsStrict.\n\n#+BEGIN_SRC go\npackage main\n\nimport \"git.tilde.institute/andinus/lynx\"\n\nfunc main() {\n\tpaths := make(map[string]string)\n\n\tpaths[\"/home\"] = \"r\"\n\tpaths[\"/dev/null\"] = \"rw\"\n\tpaths[\"/etc/examples\"] = \"rwc\"\n\tpaths[\"/root\"] = \"rwcx\"\n\n\terr = lynx.UnveilPaths(paths)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\t// This will return an error if the path doesn't exist.\n\terr = lynx.UnveilPathsStrict(paths)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n#+END_SRC\n** UnveilCommands\nUnveilCommands takes a slice of commands \u0026 unveils them one by one, it will\nreturn an error if unveil fails at any step. \"no such file or directory\" error\nis ignored because binaries are not placed in every PATH.\n\nDefault permission is \"rx\".\n\n#+BEGIN_SRC go\npackage main\n\nimport \"git.tilde.institute/andinus/lynx\"\n\nfunc main() {\n\tcommands := []string{\"cd\", \"ls\", \"rm\"}\n\n\terr = lynx.UnveilCommands(commands)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n#+END_SRC\n** UnveilBlock\nUnveilBlock is just a wrapper around unix.UnveilBlock, it does nothing extra.\nYou should use unix.UnveilBlock.\n\n#+BEGIN_SRC go\npackage main\n\nimport \"git.tilde.institute/andinus/lynx\"\n\nfunc main() {\n\t// Block further unveil calls.\n\terr = lynx.UnveilBlock()\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n#+END_SRC\n** Unveil / UnveilStrict\nUnveil takes a path, permission \u0026 unveils it, it will return an error if unveil\nfails at any step. \"no such file or directory\" error is ignored, if you want to\nget that error too then use UnveilStrict.\n\n#+BEGIN_SRC go\npackage main\n\nimport \"git.tilde.institute/andinus/lynx\"\n\nfunc main() {\n\tpath := \"/dev/null\"\n\tflags := \"rw\"\n\n\terr = lynx.Unveil(path, flags)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\t// This will return an error if the path doesn't exist.\n\terr = lynx.UnveilStrict(path, flags)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n#+END_SRC\n** Pledge / PledgePromises / PledgeExecpromises\nThese are simple wrappers to unix package functions. They add nothing extra, you\ncould simply change lynx.Pledge to unix.Pledge \u0026 it would just work.\n\n#+BEGIN_SRC go\npackage main\n\nimport \"git.tilde.institute/andinus/lynx\"\n\nfunc main() {\n\tpromises := \"stdio unveil\"\n\texecpromises := \"stdio\"\n\n\terr = lynx.Pledge(promises, execpromises)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\t// Drop promises.\n\tpromises = \"stdio\"\n\terr = lynx.PledgePromises(promises)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\t// Drop execpromises.\n\texecpromises = \"\"\n\terr = lynx.PledgeExecpromises(execpromises)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n#+END_SRC\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandinus%2Flynx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandinus%2Flynx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandinus%2Flynx/lists"}