rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sync readme.md with sandbox.c

This commit is contained in:
Omar Polo 2021-07-09 08:11:57 +00:00
parent 3d132b2833
commit be52e954c1
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -169,12 +169,13 @@ to reload the configuration and spawn a new generation of children
process. The logger processes gather the logs and prints 'em to
stderr or syslog (for the time being.) The listener process is the
only one that needs internet access and is sandboxed by default. The
executor process exists only to fork and execute CGI scripts.
executor process exists only to fork and execute CGI scripts, and
optionally to connect to FastCGI applications.
On OpenBSD, the listener runs with the `stdio recvfd rpath inet`
pledges, while the executor has `stdio sendfd proc exec`; both have
unveiled only the served directories. The logger process has pledge
`stdio`.
pledges, while the executor has `stdio sendfd proc exec dns inet
unix`; both have unveiled only the served directories. The logger
process has pledge `stdio recvfd`.
On FreeBSD, the listener and logger process are sandboxed with `capsicum(4)`.