diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go
index b3cbecf03..5223be52e 100644
--- a/cmd/yggdrasil/main.go
+++ b/cmd/yggdrasil/main.go
@@ -312,6 +312,22 @@ func main() {
 }
 }
+ // Promise final modes of operation. At this point, if at all:
+ // - raw socket is created/open
+ // - admin socket is created/open
+ // - privileges are dropped to non-root user
+ promises := []string{"stdio", "inet", "dns"}
+ if strings.HasPrefix(cfg.AdminListen, "unix://") {
+ // Go's net.Listen.Close() itself will delete the file on shutdown.
+ promises = append(promises, "cpath")
+ }
+ if len(cfg.MulticastInterfaces) > 0 {
+ promises = append(promises, "mcast")
+ }
+ if err := protect.Pledge(strings.Join(promises, " ")); err != nil {
+ panic(fmt.Sprintf("pledge: %v: %v", promises, err))
+ }
+
 // Block until we are told to shut down.
 <-ctx.Done()
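Review bot: The `cpath` promise added under the `unix://` check stays in force for the whole remaining lifetime of the process, although the comment says it is only needed for the unlink at shutdown, and pledge by itself does not limit which paths it applies to. If the admin socket's directory is known at this point, narrowing the filesystem view with unveil(2) before this call would confine `cpath` to that directory; whether that is compatible with the resolver files needed under `dns` would have to be checked. The `strings.HasPrefix(cfg.AdminListen, "unix://")` test is case-sensitive, so it should be confirmed that it matches how the admin listener parses the address, because a Unix listener created without `cpath` would, as far as I can tell, get the process aborted by the kernel when it unlinks its socket at close. The inner comment could name the type precisely, e.g. `// net.UnixListener.Close() unlinks the socket file on shutdown, which needs cpath.` main() starts and ends outside the hunk.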