Thursday, March 12, 2026

Re: www/ungoogled-chromium: configurable cdm pledges

I really disagree with this direction.

pledge is not a thing that users should be able to tweak.

The pledge arguments, and more specifically the PLACES where the pledge
calls happen and the code restructuring to do things before pledge and
after pledge, is an innate property of the code. USERS CANNOT AND SHOULD
NOT TOUCH THIS!

We don't have a /etc/bgpd/pledge.config file.

Regarding unveil, I think it is also becoming a problem, because with the
recent /dev/null change the system demands a change in the unveils, but they
are now in a user-modified file.

Robert originally did it this way during pledge, and later unveil, as an
early development process but I don't think it makes sense anymore.

The flexibility you are proposing here is simply dangerous.


> I'd like to propose changing ungoogled-chromium port to read pledge
> configuration for CDM sandbox from a config file instead of having it
> hardcoded to what openwv needs.
>
> That would make it easier for any alternative implementations that may
> require a different set of pledges.
>
> Here is a diff with the proposed change, default pledge remains the
> same:
>
> diff --git a/www/ungoogled-chromium/Makefile b/www/ungoogled-chromium/Makefile
> index c05aa6c00e4..498db5eafc2 100644
> --- a/www/ungoogled-chromium/Makefile
> +++ b/www/ungoogled-chromium/Makefile
> @@ -16,7 +16,7 @@ COMMENT= Chromium browser sans integration with Google
> V= 145.0.7632.159
> UGV= ${V}-1
>
> -REVISION= 0
> +REVISION= 1
>
> DISTNAME= ungoogled-chromium-${V}
>
> @@ -372,7 +372,7 @@ do-install:
> ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ungoogled-chromium
> .for f in pledge.main pledge.utility_audio pledge.utility_network pledge.utility_video \
> unveil.gpu unveil.main unveil.utility_audio unveil.utility_network unveil.utility_video \
> - unveil.cdm
> + unveil.cdm pledge.cdm
> ${INSTALL_DATA} ${FILESDIR}/${f} ${PREFIX}/share/examples/ungoogled-chromium
> .endfor
>
> diff --git a/www/ungoogled-chromium/files/pledge.cdm b/www/ungoogled-chromium/files/pledge.cdm
> new file mode 100644
> index 00000000000..32639079cb6
> --- /dev/null
> +++ b/www/ungoogled-chromium/files/pledge.cdm
> @@ -0,0 +1 @@
> +stdio rpath flock recvfd sendfd
> diff --git a/www/ungoogled-chromium/files/unveil.cdm b/www/ungoogled-chromium/files/unveil.cdm
> index 76d04d3e5fc..176175200f9 100644
> --- a/www/ungoogled-chromium/files/unveil.cdm
> +++ b/www/ungoogled-chromium/files/unveil.cdm
> @@ -1,6 +1,7 @@
> /dev/null rw
>
> /etc/openwv r
> +/etc/ungoogled-chromium/pledge.cdm r
> /usr/local/lib/openwv r
>
> # needed for IPC communication, X.Org, etc.
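
Review bot: the added "/etc/ungoogled-chromium/pledge.cdm r" entry keeps the promise file readable from inside the CDM sandbox, and nothing in the visible lines shows whether SetPledge reads the file before or after this unveil list is applied. If the read happens before the unveils take effect, the entry is unnecessary and should be dropped; if it happens after, add a comment above the line saying so, as the file already does for the IPC entries.
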
> diff --git a/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc b/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc
> index 81e0bf7434a..132e95e08c0 100644
> --- a/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc
> +++ b/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc
> @@ -360,7 +360,7 @@ Index: sandbox/policy/openbsd/sandbox_openbsd.cc
> + SetPledge(NULL, "/etc/ungoogled-chromium/pledge.utility_video");
> + break;
> + case sandbox::mojom::Sandbox::kCdm:
> -+ SetPledge("stdio rpath flock recvfd sendfd", NULL);
> ++ SetPledge(NULL, "/etc/ungoogled-chromium/pledge.cdm");
> + break;
> + case sandbox::mojom::Sandbox::kUtility:
> + case sandbox::mojom::Sandbox::kService:
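
Review bot: in the kCdm case the fixed promise string is replaced by a path, and the visible lines do not show what SetPledge does when /etc/ungoogled-chromium/pledge.cdm is missing, empty or unreadable. The CDM process should fail closed in that case, or fall back to the previous "stdio rpath flock recvfd sendfd", rather than continue without a pledge. Nothing here bounds the file's contents either, so a wider promise list would be accepted as written; consider rejecting any promise outside a compiled-in set.
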
> diff --git a/www/ungoogled-chromium/pkg/PLIST b/www/ungoogled-chromium/pkg/PLIST
> index 769b4df33b2..917fe1ff657 100644
> --- a/www/ungoogled-chromium/pkg/PLIST
> +++ b/www/ungoogled-chromium/pkg/PLIST
> @@ -5,6 +5,8 @@ share/applications/ungoogled-chromium.desktop
> share/doc/pkg-readmes/${PKGSTEM}
> share/examples/ungoogled-chromium/
> @sample ${SYSCONFDIR}/ungoogled-chromium/
> +share/examples/ungoogled-chromium/pledge.cdm
> +@sample ${SYSCONFDIR}/ungoogled-chromium/pledge.cdm
> share/examples/ungoogled-chromium/pledge.main
> @sample ${SYSCONFDIR}/ungoogled-chromium/pledge.main
> share/examples/ungoogled-chromium/pledge.utility_audio
>
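
Review bot: the "@sample ${SYSCONFDIR}/ungoogled-chromium/pledge.cdm" line turns the promise list into a local configuration file, so once it is edited the copy under share/examples no longer determines what the CDM process pledges. If a later update needs a different default, that change only reaches the example file; the pkg-readme listed at the top of this hunk should say how a locally modified pledge.cdm is expected to be merged.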
