On 2026/03/14 21:13, Renato Aguiar wrote: > I agree that, in general, pledge/unveil shouldn't be configurable, but, > in this particular case, ungoogled-chromium is loading an external > library (openwv) that isn't distributed with the main application. It is > impossible for it to know for sure what permissions are needed. This is > similar to the shell situation, where it cannot set pledge/unveil for > processes it spawns. > > Even if we assume that ungoogled-chromium will only ever support a > single implementation, it can still break if openwv changes in a way > that requires different pledge/unveil configuration.
This is the same with many programs that use pledge/unveil, loads of them use external libraries, they just have to take account of what those libraries need. If you've got some other cdm library that works then it might be reasonable to extend the compiled-in pledge to support it; that doesn't require moving it to a file. > Maybe openwv should just call pledge/unveil instead. If openwv were used in a different program, having pledge/unveil in openwv might stop that other program from doing what it needs. (For example if it were used in qtwebengine, which is used by a much wider range of programs than a browser). Typically you need to pledge in the program which knows what else it's going to do, not in the library.
