Merge pull request #7 from timkuijsten/pledge

pledge stdio, inet and dns on OpenBSD

.github/workflows/go.yml

@@ -19,7 +19,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: '1.20'
+        go-version: '1.22'
 
     - name: Build
       run: go build -v ./...

filter-spfgreylist.go

@@ -29,6 +29,7 @@ import (
 	"log"
 
 	"blitiri.com.ar/go/spf"
+	"go.netsend.nl/ossec"
 )
 
 type session struct {
@@ -479,6 +480,13 @@ func main() {
 	whiteexp = int64(*flagWhiteexp / time.Second)
 
 	loadWhitelists()
+
+	err := ossec.PledgePromises("stdio inet dns")
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "pledge failed: %v\n", err)
+		os.Exit(1)
+	}
+
 	go listsManager()
 
 	scanner := bufio.NewScanner(os.Stdin)

go.mod

@@ -1,5 +1,10 @@
 module github.com/poolpOrg/filter-spfgreylist
 
-go 1.20
+go 1.22
 
-require blitiri.com.ar/go/spf v1.5.1
+require (
+	blitiri.com.ar/go/spf v1.5.1
+	go.netsend.nl/ossec v1.2.0
+)
+
+require golang.org/x/sys v0.19.0 // indirect

go.sum

@@ -1,5 +1,9 @@
 blitiri.com.ar/go/spf v1.5.1 h1:CWUEasc44OrANJD8CzceRnRn1Jv0LttY68cYym2/pbE=
 blitiri.com.ar/go/spf v1.5.1/go.mod h1:E71N92TfL4+Yyd5lpKuE9CAF2pd4JrUq1xQfkTxoNdk=
+go.netsend.nl/ossec v1.2.0 h1:f7Ap54USa5OY44BDv6n3JF5tTgiuuySYHrPa7pUfCzU=
+go.netsend.nl/ossec v1.2.0/go.mod h1:PzDWSHzvriA64F1b3CKE2EpZ3VBupcfUf3Z6usag5c4=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=