CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2018/05/08 17:22:51
Modified files:
security/hitch : Makefile
security/hitch/patches: patch-src_hitch_c
Log message:
Simpler pledge(2) approach
- always call pledge(2) with a string literal, instead of subtracting
promises from a mutable string. Makes it easier to see what privileges
remain.
- call pledge(2) later in the initialization, so that we don't need to
care about too many promises eg "flock".
- always use "cpath" in the main process - needed at least if --pidfile
is passed.
Tested in basic setup, started as root with chroot and started as
_hitch, config reload still works.
ok kn@ (maintainer)
