On 2019/10/28 14:09, joshua stein wrote:
> On Mon, 28 Oct 2019 at 20:04:06 +0100, Sebastien Marie wrote:
> > On Mon, Oct 28, 2019 at 09:26:09AM +0100, Klemens Nanni wrote:
> > > On Sun, Oct 27, 2019 at 12:56:40PM -0500, joshua stein wrote:
> > > > As a workaround, you can add this to
> > > > /usr/local/lib/thunderbird/defaults/pref/all-openbsd.js:
> > > >
> > > > pref("security.sandbox.pledge.main", "junk");
> > > >
> > > > That will cause pledge() to fail rather than continuing with an
> > > > empty list of pledge promises.
> > > I appended this line to ~/.thunderbird/*.default/prefs.js and
> > > thunderbird starts again, thanks. semarie also mentioned this as
> > > workaround off-list.
> > >
> > > However, prefs.js seems to be rewritten, so closing and opening
> > > Thunderbird results in SIGBART again. Won't happen with the global
> > > all-openbsd.js for sure, though.
> > >
> >
> > Hi,
> >
> > The following diff should unbreak mail/mozilla-thunderbird for now.
> >
> > It is a quick fix to have usuable thunderbird, waiting for a proper fix.
> >
> > It just adds invalid promises (instead of the default valid empty promise).
> > It
> > will make thunderbird to show a warning and will effectively disable
> > pledge(2)
> > (as before without sandbox).
> >
> > Comments or OK ?
OK with me.
> Either pass --disable-sandbox in CONFIGURE_ARGS to disable the
> pledge code, or someone that uses Thunderbird can figure out which
> pledge promises are actually needed to make it work and add those to
> all-openbsd.js.
>
> It doesn't really make sense to keep building it with sandboxing
> enabled just to disable it from the preferences.
>
It makes it easier to test and figure out which pledges are needed
if one doesn't have to rebuild the damn thing..
