On 01/14/18 18:06, Richard Hipp wrote:
On 1/14/18, Christian Stærk <x...@borderworlds.dk> wrote:
What do you think? Is this desirable?
I'm certainly willing to consider it, but I want to see some examples
before committed to this path.
As for pledge, it is a fairly simple interface. Online man page is here:
https://man.openbsd.org/pledge.2
I wrote a small wrapper for fossil as a sort of proof of concept and to
get a better feel for the pledge interface:
https://borderworlds.dk/~xi/fossil-wrapper.c.txt
I tried to add a pledge-call for the status_cmd() function:
https://borderworlds.dk/~xi/fossil-pledge.diff.txt
As the code is, it looks like the entire range of syscalls initially
allowed are neccesary all the way through the function. :-/
Best regards
Christian
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev