On 8/19/24 3:24 PM, Chaz Kettleson wrote:
> On Mon, Aug 19, 2024 at 03:48:20PM GMT, Omar Polo wrote:
>> On 2024/08/17 16:28:35 +0100, Stuart Henderson <stu@spacehopper.org> wrote:
>>> ok
>> Imported
>>
>> Thank you,
>>
>> Omar Polo
>>
> Thanks everyone! Great feedback.
>
> Below are patches for pledge/unveil for feedback/discussion.
>
> Here is the approach that was taken:
>
> - Start with minimal set of promises that did not crash and from review
> stdio
> rpath - hopm config file, firedns config
> wpath - pid file, log file, scanlog file
> cpath - pid file, log file, scanlog file
> inet
> dns
> proc - fork (maybe we can remove fork and rc_bg?)
> exec - execv on restart
> unveil
> - Initially unveil nothing
> - Remove unneeded chdir (locations are no longer relative)
> - Unveil only what is needed if it's needed before main loop
> LOGFILE, wc
> CONFFILE, r
> SCANLOG, wc (only if the option is enabled)
> HOPM_BINPATH, x (for execv on restart)
> - Reduce promises before main loop
> stdio
> inet
> dns
> exec
>
committed, thanks!
No comments:
Post a Comment