On Mon, Apr 20, 2020 at 05:54:12PM +0200, Landry Breuil wrote: > Hi, > > after having discussed it with ratchov@, i think we can remove the audio > pledge from firefox's main process pledge string. > > it was originally added to support the case of users intentionally > disabling sndiod, and getting pledge violations because libsndio would > then try to do direct ioctls on the audio device (that's my > understanding), but with the unveil config we have right now /dev/audio > isnt accessible to the main process, and anyway with the new security > model for audio device access one would have to go to extra length to > make it work (again from my understanding): > - add /dev/audio to unveil paths for main process > - chown the audio device to his user > - and then add the audio pledge class > so at that point, if one doesnt want to run sndiod i think one knows what he's > doing and i dont even see the point of documenting that case in the port > README. > > without sndiod running, and in the default unveil/pledge config we have > right now, /dev/audio is hidden by unveil, and if you unveil it you > would get EPERM when trying to access the device, where previously you > could open it (and crash if you didnt have the audio pledge). > > so the diff below removes the useless audio pledge. What do ppl think > about it ?
As discussed I agree: it doesn't make sense to have non-working support for direct hardware access. OK to drop it.
