Renato Aguiar <[email protected]> wrote:
> I agree that, in general, pledge/unveil shouldn't be configurable, but,
> in this particular case, ungoogled-chromium is loading an external
> library (openwv) that isn't distributed with the main application. It is
> impossible for it to know for sure what permissions are needed.
Impossible?? I dispute that.
I also dispute that if a developer cannot narrow down the MAXIMUM
featureset it uses, then it is even more impossible for a USER to
perform that task.
> This is
> similar to the shell situation, where it cannot set pledge/unveil for
> processes it spawns.
No it is not.
Look, if the situation is completely unworkable, then you need to remove
all the pledges and unveils, because you are just causing 1) crashes,
2) divergent behaviour relative to the POSIX expectations of the
program, 3) broken files left behind due to the crashes, which are picked
up in subsequent restarts.
Alternatively, determine all the things that library does (or all those
libraries do), and then make them work to The Contract, or specify a
very loose Contract.
If you don't do that, you are fighting a battle that will always result
in an unreliable application.
pledge and unveil were not designed to give people unreliable applications.
From the manual page:
Use of pledge() in an application will require at least some study and
understanding of the interfaces called.
If you don't do that, you are not using it right.