On 2021/01/07 16:45, Stuart Henderson wrote:
> On 2021/01/07 16:31, Stefan Hagen wrote:
> > Hello,
> >
> > I've blocked the DoT port and the top DoH servers on my network in order
> > to force all my clients to use my own DNS server. It then happened that
> > Firefox was not able to resolve any domain anymore.
> >
> > After some tracing, it turned out that the main process wants to read
> > /etc/resolv.conf, but is not allowed to because unveil blocks it.
> >
> > I thinks its reasonable to let firefox access resolv.conf.
>
> I don't think this should be done via unveil.
>
> Firefox GPU and main processes have pledge "dns" which bypass unveil to
> permit access to /etc/resolv.conf. So I guess this must be the content
> process.
I've changed my mind on this, there are cases where Firefox can't be
used unless pledge is disabled, but it seems sensible to still allow
unveil in that case. landry, jcs: what do you think?
Index: firefox-esr/Makefile
===================================================================
RCS file: /cvs/ports/www/firefox-esr/Makefile,v
retrieving revision 1.139
diff -u -p -r1.139 Makefile
--- firefox-esr/Makefile 6 Jan 2021 18:23:33 -0000 1.139
+++ firefox-esr/Makefile 14 Jan 2021 20:42:39 -0000
@@ -8,6 +8,7 @@ MOZILLA_BRANCH = release
MOZILLA_PROJECT = firefox-esr
MOZILLA_CODENAME = browser
MOZILLA_DIST = firefox
+REVISION = 0
WRKDIST = ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/esr//}
HOMEPAGE = https://www.mozilla.org/firefox/organizations/
Index: firefox-esr/files/unveil.gpu
===================================================================
RCS file: /cvs/ports/www/firefox-esr/files/unveil.gpu,v
retrieving revision 1.1
diff -u -p -r1.1 unveil.gpu
--- firefox-esr/files/unveil.gpu 28 Jul 2020 14:21:48 -0000 1.1
+++ firefox-esr/files/unveil.gpu 14 Jan 2021 20:42:39 -0000
@@ -6,6 +6,7 @@
/usr/X11R6/lib r
/usr/share/locale r
/usr/local/share r
+/etc/resolv.conf r
/tmp rwc
Index: firefox-esr/files/unveil.main
===================================================================
RCS file: /cvs/ports/www/firefox-esr/files/unveil.main,v
retrieving revision 1.1
diff -u -p -r1.1 unveil.main
--- firefox-esr/files/unveil.main 28 Jul 2020 14:21:48 -0000 1.1
+++ firefox-esr/files/unveil.main 14 Jan 2021 20:42:39 -0000
@@ -7,6 +7,7 @@
/etc/fonts r
/etc/machine-id r
+/etc/resolv.conf r
/usr/local/lib r
/usr/local/lib/firefox-esr rx
Index: tor-browser/browser/Makefile
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
retrieving revision 1.54
diff -u -p -r1.54 Makefile
--- tor-browser/browser/Makefile 16 Dec 2020 21:33:14 -0000 1.54
+++ tor-browser/browser/Makefile 14 Jan 2021 20:42:39 -0000
@@ -11,6 +11,7 @@ MOZILLA_PROJECT = ${BROWSER_NAME}
MOZILLA_CODENAME = browser
TL_VERSION = 0.2.26
HE_VERSION = 2020.11.17
+REVISION = 0
EXTRACT_SUFX = .tar.xz
PATCHORIG = .pat.orig
Index: tor-browser/browser/files/unveil.gpu
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/files/unveil.gpu,v
retrieving revision 1.1
diff -u -p -r1.1 unveil.gpu
--- tor-browser/browser/files/unveil.gpu 23 Oct 2020 07:04:09 -0000
1.1
+++ tor-browser/browser/files/unveil.gpu 14 Jan 2021 20:42:39 -0000
@@ -6,6 +6,7 @@
/usr/X11R6/lib r
/usr/share/locale r
/usr/local/share r
+/etc/resolv.conf r
/tmp rwc
Index: tor-browser/browser/files/unveil.main
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/files/unveil.main,v
retrieving revision 1.1
diff -u -p -r1.1 unveil.main
--- tor-browser/browser/files/unveil.main 23 Oct 2020 07:04:09 -0000
1.1
+++ tor-browser/browser/files/unveil.main 14 Jan 2021 20:42:39 -0000
@@ -7,6 +7,7 @@
/etc/fonts r
/etc/machine-id r
+/etc/resolv.conf r
/usr/local/lib r
/usr/local/lib/tor-browser rx
Index: mozilla-firefox/Makefile
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/Makefile,v
retrieving revision 1.447
diff -u -p -r1.447 Makefile
--- mozilla-firefox/Makefile 6 Jan 2021 18:21:45 -0000 1.447
+++ mozilla-firefox/Makefile 14 Jan 2021 20:42:39 -0000
@@ -9,6 +9,7 @@ MOZILLA_VERSION = 84.0.2
MOZILLA_BRANCH = release
MOZILLA_PROJECT = firefox
MOZILLA_CODENAME = browser
+REVISION = 0
WRKDIST = ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/b[0-9]*//}
HOMEPAGE = https://www.mozilla.org/firefox/
Index: mozilla-firefox/files/unveil.gpu
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/files/unveil.gpu,v
retrieving revision 1.3
diff -u -p -r1.3 unveil.gpu
--- mozilla-firefox/files/unveil.gpu 21 Oct 2020 06:18:11 -0000 1.3
+++ mozilla-firefox/files/unveil.gpu 14 Jan 2021 20:42:39 -0000
@@ -7,6 +7,7 @@
/usr/share/locale r
/usr/local/share r
/usr/lib r
+/etc/resolv.conf r
/tmp rwc
Index: mozilla-firefox/files/unveil.main
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/files/unveil.main,v
retrieving revision 1.6
diff -u -p -r1.6 unveil.main
--- mozilla-firefox/files/unveil.main 15 Dec 2020 16:41:12 -0000 1.6
+++ mozilla-firefox/files/unveil.main 14 Jan 2021 20:42:39 -0000
@@ -10,6 +10,7 @@
/etc/fonts r
/etc/machine-id r
+/etc/resolv.conf r
/usr/local/lib r
/usr/local/lib/firefox rx
