Hi Michael,
On 10.02.2020 14:31, Michael wrote:
On Fri, Feb 07, 2020 at 03:27:33PM +0100, Michael wrote:
Hello ports@,
this patch adds pledge() to net/ngircd. Tested on amd64 with ngircd
running with TLS. Unfortunately the promises can't be further reduced
since this would break /rehash (i.e. reloading the config) later. But
this is better than nothing.
[...]
solene@ pointed out that if the option "PidFile" is being used
unlink()ing the file later fails. However I personally don't like
adding
another promise just for that. I can't see any sensible use case for
ngircds PID file; the Option itself is not set by default.
So my idea would be to either skip or remove the PidFile code, or just
ignore the issue. The abort happens after shutting everything else down
and starting ngircd again works even if the old PID file is still in
place. Both variants mean changing or breaking functionality but that
would be bearable given the low impact IMHO. Using unveil() might also
be an option.
Any thoughts on this?
Active ngircd user here. I personally use the PID file with my
monitoring system
for process supervision (monit in my case). Although I could use process
name
matching, getting the PID from the PIDFile seems more natural.
Cheers
Matthias
PS: I would appreciate a pledged ngircd very much.
