Bump golang.org/x/net from 0.21.0 to 0.23.0 (#113 )

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fix landlock restriction while files do not exists (#114 )
2024-04-19 15:21:34 +01:00 · 2024-04-19 15:15:09 +01:00
3 changed files with 29 additions and 29 deletions
--- a/cmd/wireproxy/main.go
+++ b/cmd/wireproxy/main.go
@@ -76,24 +76,24 @@ func lock(stage string) {
 		// Linux
 		net.DefaultResolver.PreferGo = true // needed to lock down dependencies
 		panicIfError(landlock.V1.BestEffort().RestrictPaths(
-			landlock.ROFiles("/etc/resolv.conf"),
+			landlock.ROFiles("/etc/resolv.conf").IgnoreIfMissing(),
-			landlock.ROFiles("/dev/fd"),
+			landlock.ROFiles("/dev/fd").IgnoreIfMissing(),
-			landlock.ROFiles("/dev/zero"),
+			landlock.ROFiles("/dev/zero").IgnoreIfMissing(),
-			landlock.ROFiles("/dev/urandom"),
+			landlock.ROFiles("/dev/urandom").IgnoreIfMissing(),
-			landlock.ROFiles("/etc/localtime"),
+			landlock.ROFiles("/etc/localtime").IgnoreIfMissing(),
-			landlock.ROFiles("/proc/self/stat"),
+			landlock.ROFiles("/proc/self/stat").IgnoreIfMissing(),
-			landlock.ROFiles("/proc/self/status"),
+			landlock.ROFiles("/proc/self/status").IgnoreIfMissing(),
-			landlock.ROFiles("/usr/share/locale"),
+			landlock.ROFiles("/usr/share/locale").IgnoreIfMissing(),
-			landlock.ROFiles("/proc/self/cmdline"),
+			landlock.ROFiles("/proc/self/cmdline").IgnoreIfMissing(),
-			landlock.ROFiles("/usr/share/zoneinfo"),
+			landlock.ROFiles("/usr/share/zoneinfo").IgnoreIfMissing(),
-			landlock.ROFiles("/proc/sys/kernel/version"),
+			landlock.ROFiles("/proc/sys/kernel/version").IgnoreIfMissing(),
-			landlock.ROFiles("/proc/sys/kernel/ngroups_max"),
+			landlock.ROFiles("/proc/sys/kernel/ngroups_max").IgnoreIfMissing(),
-			landlock.ROFiles("/proc/sys/kernel/cap_last_cap"),
+			landlock.ROFiles("/proc/sys/kernel/cap_last_cap").IgnoreIfMissing(),
-			landlock.ROFiles("/proc/sys/vm/overcommit_memory"),
+			landlock.ROFiles("/proc/sys/vm/overcommit_memory").IgnoreIfMissing(),
-			landlock.RWFiles("/dev/log"),
+			landlock.RWFiles("/dev/log").IgnoreIfMissing(),
-			landlock.RWFiles("/dev/null"),
+			landlock.RWFiles("/dev/null").IgnoreIfMissing(),
-			landlock.RWFiles("/dev/full"),
+			landlock.RWFiles("/dev/full").IgnoreIfMissing(),
-			landlock.RWFiles("/proc/self/fd"),
+			landlock.RWFiles("/proc/self/fd").IgnoreIfMissing(),
 		))
 	default:
 		panic("invalid stage")
--- a/go.mod
+++ b/go.mod
@@ -8,18 +8,18 @@ require (
 	github.com/MakeNowJust/heredoc/v2 v2.0.1
 	github.com/akamensky/argparse v1.4.0
 	github.com/go-ini/ini v1.67.0
 	github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a
 	github.com/sourcegraph/conc v0.3.0
 	github.com/things-go/go-socks5 v0.0.5
 	golang.org/x/net v0.23.0
 	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173
 	suah.dev/protect v1.2.3
 )
 require (
 	github.com/google/btree v1.1.2 // indirect
-	github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a // indirect
+	golang.org/x/crypto v0.21.0 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/net v0.21.0 // indirect
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 // indirect
--- a/go.sum
+++ b/go.sum
@@ -18,13 +18,13 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/things-go/go-socks5 v0.0.5 h1:qvKaGcBkfDrUL33SchHN93srAmYGzb4CxSM2DPYufe8=
 github.com/things-go/go-socks5 v0.0.5/go.mod h1:mtzInf8v5xmsBpHZVbIw2YQYhc4K0jRwzfsH64Uh0IQ=
-golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=