s/XMPPIPE_RESTRICT/RESTRICT/gi

Makefile

@@ -12,8 +12,8 @@ ifeq ($(UNAME_SYS), Linux)
 			  -Wstrict-prototypes -Wmissing-prototypes \
 			  -pie -fPIE \
 			  -fno-strict-aliasing
-	XMPPIPE_RESTRICT_PROCESS ?= seccomp
-	XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE ?= 0
+	RESTRICT_PROCESS ?= seccomp
+	RESTRICT_PROCESS_RLIMIT_NOFILE ?= 0
 	LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
 else ifeq ($(UNAME_SYS), FreeBSD)
 	CFLAGS ?= -DHAVE_STRTONUM \
@@ -21,7 +21,7 @@ else ifeq ($(UNAME_SYS), FreeBSD)
 			  -Wformat -Werror=format-security \
 			  -pie -fPIE \
 			  -fno-strict-aliasing
-	XMPPIPE_RESTRICT_PROCESS ?= capsicum
+	RESTRICT_PROCESS ?= capsicum
 	LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
 else ifeq ($(UNAME_SYS), OpenBSD)
 	CFLAGS ?= -DHAVE_STRTONUM \
@@ -29,7 +29,7 @@ else ifeq ($(UNAME_SYS), OpenBSD)
 			  -Wformat -Werror=format-security \
 			  -pie -fPIE \
 			  -fno-strict-aliasing
-	XMPPIPE_RESTRICT_PROCESS ?= pledge
+	RESTRICT_PROCESS ?= pledge
 	LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
 else ifeq ($(UNAME_SYS), SunOS)
 else ifeq ($(UNAME_SYS), Darwin)
@@ -39,15 +39,15 @@ else ifeq ($(UNAME_SYS), Darwin)
 			  -fno-strict-aliasing
 endif
 
-XMPPIPE_RESTRICT_PROCESS ?= rlimit
-XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE ?= -1
+RESTRICT_PROCESS ?= rlimit
+RESTRICT_PROCESS_RLIMIT_NOFILE ?= -1
 
 XMPPIPE_CFLAGS ?= -g -Wall
 CFLAGS += $(XMPPIPE_CFLAGS) \
 		  -fwrapv \
-		  -DXMPPIPE_RESTRICT_PROCESS=\"$(XMPPIPE_RESTRICT_PROCESS)\" \
-		  -DXMPPIPE_RESTRICT_PROCESS_$(XMPPIPE_RESTRICT_PROCESS) \
-		  -DXMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE=$(XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE)
+		  -DRESTRICT_PROCESS=\"$(RESTRICT_PROCESS)\" \
+		  -DRESTRICT_PROCESS_$(RESTRICT_PROCESS) \
+		  -DRESTRICT_PROCESS_RLIMIT_NOFILE=$(RESTRICT_PROCESS_RLIMIT_NOFILE)
 
 LDFLAGS += $(XMPPIPE_LDFLAGS)
 

src/restrict_process_capsicum.c

@@ -12,7 +12,7 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-#ifdef XMPPIPE_RESTRICT_PROCESS_capsicum
+#ifdef RESTRICT_PROCESS_capsicum
 #include <sys/capability.h>
 #include <sys/param.h>
 #include <sys/resource.h>
@@ -23,13 +23,13 @@
 
 #include "xmppipe.h"
 
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
   struct rlimit rl = {0};
 
   return setrlimit(RLIMIT_NPROC, &rl);
 }
 
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
   struct rlimit rl = {0};
   cap_rights_t policy_read;
   cap_rights_t policy_write;

src/restrict_process_null.c

@@ -12,10 +12,10 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-#ifdef XMPPIPE_RESTRICT_PROCESS_null
+#ifdef RESTRICT_PROCESS_null
 #include "xmppipe.h"
 
-int xmppipe_restrict_process_init(xmppipe_state_t *state) { return 0; }
+int restrict_process_init(xmppipe_state_t *state) { return 0; }
 
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) { return 0; }
+int restrict_process_stdin(xmppipe_state_t *state) { return 0; }
 #endif

src/restrict_process_pledge.c

@@ -12,15 +12,15 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-#ifdef XMPPIPE_RESTRICT_PROCESS_pledge
+#ifdef RESTRICT_PROCESS_pledge
 #include "xmppipe.h"
 #include <unistd.h>
 
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
   return pledge("stdio inet dns rpath", NULL);
 }
 
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
   return pledge("stdio", NULL);
 }
 #endif

src/restrict_process_rlimit.c

@@ -12,23 +12,23 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-#ifdef XMPPIPE_RESTRICT_PROCESS_rlimit
+#ifdef RESTRICT_PROCESS_rlimit
 #include <sys/resource.h>
 #include <sys/time.h>
 
 #include "xmppipe.h"
 
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
   struct rlimit rl_zero = {0};
 
   return setrlimit(RLIMIT_NPROC, &rl_zero);
 }
 
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
   struct rlimit rl = {0};
 
-  rl.rlim_cur = XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE;
-  rl.rlim_max = XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE;
+  rl.rlim_cur = RESTRICT_PROCESS_RLIMIT_NOFILE;
+  rl.rlim_max = RESTRICT_PROCESS_RLIMIT_NOFILE;
 
   if (rl.rlim_cur == (rlim_t)-1) {
     int fd = xmppipe_conn_fd(state);

src/restrict_process_seccomp.c

@@ -12,7 +12,7 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-#ifdef XMPPIPE_RESTRICT_PROCESS_seccomp
+#ifdef RESTRICT_PROCESS_seccomp
 #include <errno.h>
 #include <linux/audit.h>
 #include <linux/filter.h>
@@ -73,7 +73,7 @@
 #define SECCOMP_AUDIT_ARCH 0
 #endif
 
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
   struct sock_filter filter[] = {
       /* Ensure the syscall arch convention is as expected. */
       BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, arch)),
@@ -304,7 +304,7 @@ int xmppipe_restrict_process_init(xmppipe_state_t *state) {
   return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
 }
 
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
   struct sock_filter filter[] = {
       /* Ensure the syscall arch convention is as expected. */
       BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, arch)),

src/xmppipe.c

@@ -97,7 +97,7 @@ int main(int argc, char **argv) {
   jid = xmppipe_getenv("XMPPIPE_USERNAME");
   pass = xmppipe_getenv("XMPPIPE_PASSWORD");
 
-  if (xmppipe_restrict_process_init(state) < 0)
+  if (restrict_process_init(state) < 0)
     err(EXIT_FAILURE, "restrict_process failed");
 
   while ((ch = getopt_long(argc, argv, "a:b:c:dDeF:hI:k:K:o:P:p:r:sS:u:U:vx",
@@ -265,9 +265,9 @@ int main(int argc, char **argv) {
 
   if (state->verbose)
     (void)fprintf(stderr, "restrict_process: stdin: %s\n",
-                  XMPPIPE_RESTRICT_PROCESS);
+                  RESTRICT_PROCESS);
 
-  if (xmppipe_restrict_process_stdin(state) < 0)
+  if (restrict_process_stdin(state) < 0)
     err(EXIT_FAILURE, "restrict_process failed");
 
   if (xmppipe_stream_init(state) < 0)
@@ -557,7 +557,7 @@ static long long xmppipe_strtonum(xmppipe_state_t *state, const char *nptr,
 
 static void usage(xmppipe_state_t *state) {
   (void)fprintf(stderr, "%s %s (using %s mode process restriction)\n",
-                __progname, XMPPIPE_VERSION, XMPPIPE_RESTRICT_PROCESS);
+                __progname, XMPPIPE_VERSION, RESTRICT_PROCESS);
   (void)fprintf(
       stderr,
       "usage: %s [OPTIONS]\n"

src/xmppipe.h

@@ -166,8 +166,8 @@ void xmppipe_stanza_set_text(xmpp_stanza_t *, const char *const);
 void xmppipe_stanza_set_type(xmpp_stanza_t *const, const char *const);
 void xmppipe_stanza_add_child(xmpp_stanza_t *, xmpp_stanza_t *);
 
-int xmppipe_restrict_process_init(xmppipe_state_t *state);
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state);
+int restrict_process_init(xmppipe_state_t *state);
+int restrict_process_stdin(xmppipe_state_t *state);
 int xmppipe_conn_fd(xmppipe_state_t *state);
 
 int b64_ntop(u_char const *src, size_t srclength, char *target,