On Fri, Feb 07, 2020 at 03:27:33PM +0100, Michael wrote: > Hello ports@, > > this patch adds pledge() to net/ngircd. Tested on amd64 with ngircd > running with TLS. Unfortunately the promises can't be further reduced > since this would break /rehash (i.e. reloading the config) later. But > this is better than nothing. > > [...]
solene@ pointed out that if the option "PidFile" is being used unlink()ing the file later fails. However I personally don't like adding another promise just for that. I can't see any sensible use case for ngircds PID file; the Option itself is not set by default. So my idea would be to either skip or remove the PidFile code, or just ignore the issue. The abort happens after shutting everything else down and starting ngircd again works even if the old PID file is still in place. Both variants mean changing or breaking functionality but that would be bearable given the low impact IMHO. Using unveil() might also be an option. Any thoughts on this?