got-portable: sandboxing got-notify-*

From:: Omar Polo <op@omarpolo.com>
Subject:: Re: got-portable: sandboxing got-notify-*
To:: Thomas Adam <thomas@xteddy.org>
Cc:: gameoftrees@openbsd.org
Date:: Fri, 26 Apr 2024 13:43:23 +0200

Download raw body.

Thread

2024-04-26 11:02 Omar Polo:
got-portable: sandboxing got-notify-*
- 2024-04-26 11:33 Thomas Adam:
  got-portable: sandboxing got-notify-*
- - 2024-04-26 11:43 Omar Polo:
    got-portable: sandboxing got-notify-*

On 2024/04/26 12:33:39 +0100, Thomas Adam <thomas@xteddy.org> wrote:
> Hi,
> 
> On Fri, 26 Apr 2024 at 12:03, Omar Polo <op@omarpolo.com> wrote:
> >
> > On 2024/04/09 09:26:18 +0200, Omar Polo <op@omarpolo.com> wrote:
> > > similarly to what we do for the other libexecs.  When we
> > > pledge("stdio"), we're in an environment where we can enter capsicum on
> > > FreeBSD or remove all the filesystem access on linux.
> > >
> > > so far only tested on freebsd by manually calling got-notify-http and
> > > regress/gotd/http-server to verify the output.  I have destroyed my
> > > linux vm accidentally so can't test there atm but don't expect
> > > surprises.
> > >
> > > ok?
> >
> > ping.  I've tested on linux with landlock enabled too (with a
> > self-signed certificate and TLS validation disabled.)
> 
> I've also given this some testing -- looks good to me.

i've committed it then, thanks!

> Kindly,
> Thomas

2024-04-26 11:02 Omar Polo:
got-portable: sandboxing got-notify-*
- 2024-04-26 11:33 Thomas Adam:
  got-portable: sandboxing got-notify-*
- - 2024-04-26 11:43 Omar Polo:
    got-portable: sandboxing got-notify-*