They're not needed on OpenBSD nor in other systems... except under
sandbox. These were added for capsicum() if I remember correctly,
but also with landlock it's better to initialize these things
earlier.
Was requested ages ago by Karl Jeacle, now that there is some better
support for configuring the logging there's no excuse to add this.
It helps with filtering from syslog.d / syslog.conf.
simplifies further handling. The stdio layer introduces its own
buffering and for the logs I'd like to avoid it. fflush(3) is an
option, but using a raw fd and dprintf(2) requires less code.
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarly disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarly disabled as it needs tweaks to do privsep too.
Omar Polo