Renato Aguiar <[email protected]> wrote:

> That makes sense. Also, I missed that cdm library would have to know
> what pledges ungoogled-chromium need, so it wouldn't solve the problem
> anyway.

That is not correct. Code does not need to know the pledge arguments.
It just needs to honour the implied contract. The code honours it,
because the programmer doesn't call pledge with rules which are too
strict for the code. The pledge specification must not say the program
won't use feature X, if the program is going to use feature X.

Your understanding of pledge is really upside down. If the code uses
too many features, then you cannot call pledge at all, or the program
needs to be refactored to do less.

There is no way to set up a pledge for a specific library. It just
doesn't make sense. What is your goal here? Main program can call
getpwent(), but library X cannot? Main program cannot open an inet
socket, but a library can? Here I'm giving an example of two pledge
abilities. Obviously pledge features apply to the *WHOLE* of all system
features a program uses.

> >> Maybe openwv should just call pledge/unveil instead.
> >
> > If openwv were used in a different program, having pledge/unveil in
> > openwv might stop that other program from doing what it needs.
> > (For example if it were used in qtwebengine, which is used by a much
> > wider range of programs than a browser).
> >
> > Typically you need to pledge in the program which knows what else it's
> > going to do, not in the library.
>
> Right, I totally forgot that openwv is not just a ungoogled-chromium
> plugin and it could also be used with other browsers.

The word "plugin" is not relevant here. Libraries are code running in
the context of the whole program.

If the library does too much, go refactor it. Alternatively, impose
less strict pledge/unveil. There are no other solutions.
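An added illustration, not part of the original message: on OpenBSD, a promise set chosen by the main program also binds every library routine it calls, so a routine that opens an inet socket is killed when "inet" was not promised. The names `lib_open_socket` and `run_with_pledge` are hypothetical; on systems without pledge(2) the function returns -1.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for library code: it needs the "inet" promise. */
int lib_open_socket(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1)
        return -1;
    close(fd);
    return 0;
}

/*
 * Fork a child, pledge it with `promises`, then call the library routine.
 * Returns 0 if the child finished cleanly, the signal number if the kernel
 * killed it, and -1 on setup failure or where pledge(2) does not exist.
 */
int run_with_pledge(const char *promises)
{
#ifdef __OpenBSD__
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (pledge(promises, NULL) == -1)
            _exit(2);               /* malformed promise string */
        _exit(lib_open_socket() == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);    /* pledge violation: SIGABRT */
    return WEXITSTATUS(status) == 0 ? 0 : -1;
#else
    (void)promises;                 /* pledge(2) is OpenBSD-only */
    return -1;
#endif
}

int main(void)
{
    printf("stdio inet -> %d\n", run_with_pledge("stdio inet"));
    printf("stdio      -> %d\n", run_with_pledge("stdio"));
    return 0;
}
```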
