On 01/14/18 18:06, Richard Hipp wrote:

On 1/14/18, Christian Stærk <x...@borderworlds.dk> wrote:
What do you think? Is this desirable?

I'm certainly willing to consider it, but I want to see some examples
before committed to this path.
As for pledge, it is a fairly simple interface. Online man page is here:
https://man.openbsd.org/pledge.2

I wrote a small wrapper for fossil as a sort of proof of concept and to get a better feel for the pledge interface:
https://borderworlds.dk/~xi/fossil-wrapper.c.txt

I tried to add a pledge-call for the status_cmd() function:
https://borderworlds.dk/~xi/fossil-pledge.diff.txt

As the code is, it looks like the entire range of syscalls initially allowed are neccesary all the way through the function. :-/

Best regards
Christian
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev

Reply via email to