Pledge will presumably have per process (including fork()ed process) path limitations on rpath rpath and wpath calls, why not limitations on inet and unix?

On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson <[email protected]> wrote:
> 2017-04-26 13:19 GMT+02:00 Luke Small <[email protected]>:
>
>> I'm not saying to alter pledge necessarily, maybe make new system call
>> like pledge. There aren't any per-process pf rules that are applied.
>
>
> If your daemon has a specific user, you can make such rules in PF.
> The goal you stated can be reached already, why keep on suggesting new
> syscalls?
>
>
> --
> May the most significant bit of your life be positive.
>

