
From:
Omar Polo <op@omarpolo.com>
Subject:
Re: gotd chroot -> unveil
To:
Stefan Sperling <stsp@stsp.name>
Cc:
gameoftrees@openbsd.org
Date:
Wed, 14 Dec 2022 10:35:57 +0100

On 2022/12/11 14:42:15 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> This patch requires my "gotd listen process" patch to be applied first:
> https://marc.gameoftrees.org/thread/1670581855.68945_0.html
> 
> Switch gotd from chroot(2) to unveil(2).

reads fine, ok for me.

> In the future, gotd will fork+exec new processes for each client connection.
> Using unveil instead of chroot avoids having to start such processes as root.
> 
> The -portable version could use chroot(2) where no equivalent to unveil(2)
> exists. A future component which starts new processes will be isolated as
> a separate process, which could run as root in the -portable version.