On 8/19/24 3:24 PM, Chaz Kettleson wrote: > On Mon, Aug 19, 2024 at 03:48:20PM GMT, Omar Polo wrote: >> On 2024/08/17 16:28:35 +0100, Stuart Henderson <s...@spacehopper.org> wrote: >>> ok >> Imported >> >> Thank you, >> >> Omar Polo >> > Thanks everyone! Great feedback. > > Below are patches for pledge/unveil for feedback/discussion. > > Here is the approach that was taken: > > - Start with minimal set of promises that did not crash and from review > stdio > rpath - hopm config file, firedns config > wpath - pid file, log file, scanlog file > cpath - pid file, log file, scanlog file > inet > dns > proc - fork (maybe we can remove fork and rc_bg?) > exec - execv on restart > unveil > - Initially unveil nothing > - Remove unneeded chdir (locations are no longer relative) > - Unveil only what is needed if it's needed before main loop > LOGFILE, wc > CONFFILE, r > SCANLOG, wc (only if the option is enabled) > HOPM_BINPATH, x (for execv on restart) > - Reduce promises before main loop > stdio > inet > dns > exec >
committed, thanks!
