On Tue, Feb 12, 2019 at 10:23:53AM +0100, Karel Gardas wrote:
>
> Just iridium user here.
>
> On Tue, 12 Feb 2019 07:02:31 +0100
> Solene Rapenne <sol...@perso.pw> wrote:
>
> > So, iridium can only display paths allowed in /etc/iridium/, this
>
> This "allowed in /etc/iridium/" is quite confusing. Shouldn't this be
> "allowed in /etc/iridium/unveil.main" unveil definition file for the main
> Iridium process" or something like that?
>
>
> ", but we highly discourage this practise" -- or something like that may be
> added here IMHO.
>
> Thanks!
> Karel
thanks for feedback. I'm unsure about wording, I reworked it a bit from
your suggestions.
Index: pkg/README
===================================================================
RCS file: pkg/README
diff -N pkg/README
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/README 12 Feb 2019 18:13:05 -0000
@@ -0,0 +1,27 @@
+$OpenBSD: README-main,v 1.2 2018/09/04 12:46:25 espie Exp $
+
++-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-----------------------------------------------------------------------
+
+Unveil
+=================
+Iridium has been patched to use pledge and unveil, so it can only
+display paths allowed in /etc/iridium/unveil.main, this includes
+the following paths:
+
+ ~/Documents ~/Downloads ~/Music
+ ~/Pictures ~/Videos /tmp
+
+If you need to upload a file, you need to make the file available
+in one of those folders.
+
+When iridium file browser is showing up, it may be displaying an
+unauthorized folder which will appear empty, which mean it is not
+possible to browse to some other location. One can use the keyboard
+shortcut Ctrl+L and type a path in the upper address bar to reach a
+whitelisted path.
+
+If you want your browser to be able to walk through your filesystem,
+which is discouraged, unveil can be disabled at runtime by using the
+parameter --disable-unveil
