mirror of https://github.com/omar-polo/gmid.git
don't list the exact pledge promises
It's easy to forgot to update the README after a code change (already happened in the past) and they're easy to discover by reading sandbox.c
This commit is contained in:
parent
d65fa58c1b
commit
dcfdb969a2
|
@ -165,10 +165,7 @@ only one that needs internet access and is sandboxed by default. The
|
||||||
executor process exists only to fork and execute CGI scripts, and
|
executor process exists only to fork and execute CGI scripts, and
|
||||||
optionally to connect to FastCGI applications.
|
optionally to connect to FastCGI applications.
|
||||||
|
|
||||||
On OpenBSD, the listener runs with the `stdio recvfd rpath inet`
|
On OpenBSD the processes are all `pledge(2)`d and `unveil(2)`ed.
|
||||||
pledges, while the executor has `stdio sendfd proc exec dns inet
|
|
||||||
unix`; both have unveiled only the served directories. The logger
|
|
||||||
process has pledge `stdio recvfd`.
|
|
||||||
|
|
||||||
On FreeBSD, the listener and logger process are sandboxed with `capsicum(4)`.
|
On FreeBSD, the listener and logger process are sandboxed with `capsicum(4)`.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue