Remi Locherer <[email protected]> wrote: > On Tue, Oct 30, 2018 at 03:20:35PM +0000, Ricardo Mestre wrote: > > Hi, > > > > After all files are opened ripd(8) can have the fs access disabled just > > before > > each process main loop. Its 2 childs already run under chroot, but since > > they > > are still not pledged at least they have no way to read/write/create files > > within > > the chroot. No loads or reloads of the config file happen through any > > signal, > > nor can we do it via ripctl(8). > > > > I was able to run a simple daemon with the example file. Comments? OK? > > control_cleanup() unlinks the control socket on exit. I think you should > either unveil(conf->csock, "c") or remove control_cleanup().
I don't understand this latter comment, let me ask. You think it is smart to leave these sockets lying around? I suspect there are a few oddball programs where it makes senes, but as a general rule I think it is a bad idea; as stated in other threads it means control programs and restart sequences have a bunch more oddball behaviours which will be inconsistant.
