rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

don't list the exact pledge promises 

It's easy to forgot to update the README after a code change (already
happened in the past) and they're easy to discover by reading
sandbox.c
This commit is contained in:
Omar Polo 2021-10-24 16:52:39 +00:00
parent d65fa58c1b
commit dcfdb969a2
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -165,10 +165,7 @@ only one that needs internet access and is sandboxed by default. The
executor process exists only to fork and execute CGI scripts, and
optionally to connect to FastCGI applications.
On OpenBSD, the listener runs with the `stdio recvfd rpath inet`
pledges, while the executor has `stdio sendfd proc exec dns inet
unix`; both have unveiled only the served directories. The logger
process has pledge `stdio recvfd`.
On OpenBSD the processes are all `pledge(2)`d and `unveil(2)`ed.
On FreeBSD, the listener and logger process are sandboxed with `capsicum(4)`.