Re: www/iridium README about unveil
On Tue, Feb 12, 2019 at 10:23:53AM +0100, Karel Gardas wrote:
>
> Just iridium user here.
>
> On Tue, 12 Feb 2019 07:02:31 +0100
> Solene Rapenne wrote:
>
> > So, iridium can only display paths allowed in /etc/iridium/, this
>
> This "allowed in /etc/iridium/" is quite confusing. Shouldn't this be
> "allowed in /etc/iridium/unveil.main" unveil definition file for the main
> Iridium process" or something like that?
>
>
> ", but we highly discourage this practise" -- or something like that may be
> added here IMHO.
>
> Thanks!
> Karel
thanks for feedback. I'm unsure about wording, I reworked it a bit from
your suggestions.
Index: pkg/README
===
RCS file: pkg/README
diff -N pkg/README
--- /dev/null 1 Jan 1970 00:00:00 -
+++ pkg/README 12 Feb 2019 18:13:05 -
@@ -0,0 +1,27 @@
+$OpenBSD: README-main,v 1.2 2018/09/04 12:46:25 espie Exp $
+
++---
+| Running ${PKGSTEM} on OpenBSD
++---
+
+Unveil
+=
+Iridium has been patched to use pledge and unveil, so it can only
+display paths allowed in /etc/iridium/unveil.main, this includes
+the following paths:
+
+ ~/Documents ~/Downloads ~/Music
+ ~/Pictures ~/Videos/tmp
+
+If you need to upload a file, you need to make the file available
+in one of those folders.
+
+When iridium file browser is showing up, it may be displaying an
+unauthorized folder which will appear empty, which mean it is not
+possible to browse to some other location. One can use the keyboard
+shortcut Ctrl+L and type a path in the upper address bar to reach a
+whitelisted path.
+
+If you want your browser to be able to walk through your filesystem,
+which is discouraged, unveil can be disabled at runtime by using the
+parameter --disable-unveil
Re: www/iridium README about unveil
Just iridium user here. On Tue, 12 Feb 2019 07:02:31 +0100 Solene Rapenne wrote: > So, iridium can only display paths allowed in /etc/iridium/, this This "allowed in /etc/iridium/" is quite confusing. Shouldn't this be "allowed in /etc/iridium/unveil.main" unveil definition file for the main Iridium process" or something like that? > includes the following paths: > > ~/Documents ~/Downloads ~/Music > ~/Pictures ~/Videos/tmp > > If you need to upload a file, you need to make the file available in one of > those folders. > > When iridium file browser is showing up, it may be displaying an unauthorized > folder which will appear empty, which mean it is not possible to browse to > some > other location. One can use the keyboard shortcut Ctrl+L and type a path in > the > upper address bar to reach a whitelisted path. > > Unveil can be disabled with the parameter --disable-unveil ", but we highly discourage this practise" -- or something like that may be added here IMHO. Thanks! Karel
www/iridium README about unveil
Hi
I'm proposing a pkg/README file for iridium and chromium about unveil.
The following is the iridium README, chromium being the same with
s/iridium/chromium
$OpenBSD: README,v 1.2 2018/09/04 12:46:25 espie Exp $
+---
| Running ${PKGSTEM} on OpenBSD
+---
Unveil
=
Iridium has been patched to use pledge and unveil.
So, iridium can only display paths allowed in /etc/iridium/, this
includes the following paths:
~/Documents ~/Downloads ~/Music
~/Pictures ~/Videos/tmp
If you need to upload a file, you need to make the file available in one of
those folders.
When iridium file browser is showing up, it may be displaying an unauthorized
folder which will appear empty, which mean it is not possible to browse to some
other location. One can use the keyboard shortcut Ctrl+L and type a path in the
upper address bar to reach a whitelisted path.
Unveil can be disabled with the parameter --disable-unveil
