Re: go, pledge, and dns

2022-01-30 Thread Theo de Raadt
This change is OK with me. The mdns.allow stuff should be fixed by go recognizing that it doesn't exist in OpenBSD, and not attempting the open. Ted Unangst wrote: > A go program that uses pledge("dns") mostly works except for two > incompatibilities with the way golang's dns library works. Oth

go, pledge, and dns

2022-01-30 Thread Ted Unangst
A go program that uses pledge("dns") mostly works except for two incompatibilities with the way golang's dns library works. Otherwise pledge("rpath") is required. 1. go likes to stat /etc/hosts to check for changes. I think this is reasonable behavior. Patch below adds a whitelist to the kernel to