From: Stefan Sperling <stsp@stsp.name>
Subject: Re: gotd: unveil in PROFILE builds
To: Mikhail <mp39590@gmail.com>
Cc: Omar Polo <op@omarpolo.com>, gameoftrees@openbsd.org
Date: Tue, 2 May 2023 21:08:30 +0200

On Tue, May 02, 2023 at 09:09:23PM +0300, Mikhail wrote:
> On Tue, May 02, 2023 at 07:50:47PM +0200, Omar Polo wrote:
> > On 2023/05/01 21:43:19 +0300, Mikhail <mp39590@gmail.com> wrote:
> > > On Mon, May 01, 2023 at 09:25:50PM +0300, Mikhail wrote:
> > > > apply_unveil_none() hides the whole file system and it makes getpwuid fail
> > > > in PROFILE builds
> > > 
> > > Not my day. Better patch to disable all unveils:
> > 
> > I'm not sure it's a good idea to disable unveil in gotd PROFILE
> > builds; we usually don't do that.
> > 
> > Since the getpw pledge is only used in the auth process, what about
> > disabling unveil() only in that process and commenting why we're doing
> > that?
> > 
> > (admittedly only build tested)
> 
> Gotd forks several processes, it means that to collect data you will
> need to set PROFDIR (documented in gprof(4)) and get profiling from files
> named <pid>.gotd; it in turn means that we can't unveil the exact file name
> as we do in got, which uses gmon.out.
> 
> Those files will go to your current dir. I can't see how we can keep
> strict unveils and allow multi-process profiling.

Could we not require PROFDIR to be set to a known path and unveil this path
read-write when compiling a profiling build? We could make this path
configurable at build-time: make PROFILE=1 GOTD_PROFDIR=/my/gotd/profdir
Probably best created mode 700 and owned by the gotd user specified in
/etc/gotd.conf. The Makefile could provide a default path if GOTD_PROFDIR
is not set by the user running 'make', such as /var/run/gotd-profdir/
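
Added example, not part of the original message and not code from the gotd source: one way the suggestion above could look in C, checking the profiling directory (mode 700, owned by the gotd user) before unveiling only that path. The helper names `profdir_check` and `apply_unveil_profdir` are hypothetical, and the `"rwc"` permission string assumes the create flag is needed in addition to read-write so that the per-process `<pid>.gotd` files can be created.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <stdio.h>
#include <unistd.h>

/* Assumed build-time default, mirroring the path suggested in the mail. */
#ifndef GOTD_PROFDIR
#define GOTD_PROFDIR "/var/run/gotd-profdir"
#endif

/*
 * Hypothetical helper: accept the profiling directory only if it is a
 * real directory (not a symlink), owned by the gotd user, mode 0700.
 * Returns 0 if acceptable, -1 otherwise.
 */
int
profdir_check(const char *path, uid_t gotd_uid)
{
	struct stat sb;

	if (lstat(path, &sb) == -1)
		return -1;
	if (!S_ISDIR(sb.st_mode) || sb.st_uid != gotd_uid)
		return -1;
	if ((sb.st_mode & 07777) != 0700)
		return -1;
	return 0;
}

/*
 * Hypothetical PROFILE-build variant of a "hide everything" unveil:
 * expose only the profiling directory, then lock further unveil calls.
 */
int
apply_unveil_profdir(const char *path, uid_t gotd_uid)
{
	if (profdir_check(path, gotd_uid) == -1)
		return -1;
#ifdef __OpenBSD__
	/* Assumption: "c" is required because profile files are created. */
	if (unveil(path, "rwc") == -1 || unveil(NULL, NULL) == -1)
		return -1;
#endif
	return 0;
}

int
main(void)
{
	if (apply_unveil_profdir(GOTD_PROFDIR, getuid()) == -1) {
		fprintf(stderr, "refusing to profile into %s\n", GOTD_PROFDIR);
		return 1;
	}
	return 0;
}
```

Outside OpenBSD the unveil(2) calls are compiled out and only the ownership and mode check runs.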