Hello,

As a user I came across one use case where I'm thinking: I do not want any program/exec to modify base or local base (/usr and /bin, /bsd, etc.) except syspatch and pkg_add -u.

Please stop and tell me if it does not make sense. I did look at pledge(2) and mount, as pledge may force rdonly and mount has wxallowed. I did not really find a clever way to enforce pkg_add and syspatch being the only binaries to actually write in /usr/local and base 'stuff'. Because mount can have multiple devices on one path, I was tricked into thinking it would be fun to mount one device in multiple places (rdonly) and one time rw, which would somewhat allow chrooting to a writable system before running syspatch.

Another way would be to force every program to be pledged rdonly by default on non-/var, /tmp paths and then force some kind of flag to allow writing in specific paths. Like wxallowed, but pledgewrite; then the binary would call pledge() and gain write access. Maybe a bit too complex and strange.

If you read that far, thank you. Can you think of a clever way to enforce this policy without heavily modifying the base?

Best.

-- 
Knowing is not enough; we must apply. Willing is not enough; we must do
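One low-effort approximation of the policy described in the post (base read-only, only the updaters may write), as an added example and not code from the poster or from OpenBSD: a wrapper that flips /usr and /usr/local to read-write with `mount -u` only for the duration of an allowlisted `syspatch` or `pkg_add` run and always flips them back. It assumes a hypothetical layout where /usr and /usr/local are separate filesystems listed in /etc/fstab with the `ro` option, and the wrapper name `rwrun` is made up for the example.

```shell
#!/bin/sh
# rwrun: run an allowlisted updater (syspatch or pkg_add) while /usr and
# /usr/local are temporarily read-write, then remount them read-only.
# Assumption (hypothetical layout): both paths are separate filesystems
# mounted "ro" from /etc/fstab, so read-only is the normal state.
set -u

RW_PATHS="/usr /usr/local"   # filesystems only the updaters may write to
ALLOWED="syspatch pkg_add"   # the only commands rwrun will execute

# is_allowed NAME: succeed only if NAME is exactly one of $ALLOWED.
is_allowed() {
    for a in $ALLOWED; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# remount MODE: "mount -u -o MODE" each path; MODE is "rw" or "ro".
# Going back to "ro" fails with "Device busy" if some process still has a
# file open for writing there, so the caller must check the status.
remount() {
    rc=0
    for p in $RW_PATHS; do
        mount -u -o "$1" "$p" || rc=1
    done
    return $rc
}

# rwrun CMD [ARGS...]: remount rw, run CMD, always remount ro afterwards.
# Returns CMD's exit status; returns 1 if CMD is not allowlisted or if a
# remount fails (the filesystems are left read-only in every case we can).
rwrun() {
    is_allowed "${1-}" || { echo "rwrun: '${1-}' is not an allowed updater" >&2; return 1; }
    trap 'remount ro; exit 130' INT TERM      # restore ro even if interrupted
    remount rw || { remount ro; trap - INT TERM; return 1; }
    "$@"; cmd_rc=$?
    trap - INT TERM
    remount ro || { echo "rwrun: WARNING: /usr or /usr/local still read-write" >&2; return 1; }
    return $cmd_rc
}

if [ $# -gt 0 ]; then
    rwrun "$@"
fi
```

This is a guardrail against accidental writes, not enforcement: any root process can run `mount -u -o rw` itself, so it does not answer the question of stopping arbitrary programs.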