From: Omar Polo
Subject: Re: gotd chroot -> unveil
To: Stefan Sperling
Cc: gameoftrees@openbsd.org
Date: Wed, 14 Dec 2022 10:35:57 +0100

On 2022/12/11 14:42:15 +0100, Stefan Sperling wrote:
> This patch requires my "gotd listen process" patch to be applied first:
> https://marc.gameoftrees.org/thread/1670581855.68945_0.html
>
> Switch gotd from chroot(2) to unveil(2).

reads fine, ok for me.

> In the future, gotd will fork+exec new processes for each client connection.
> Using unveil instead of chroot avoids having to start such processes as root.
>
> The -portable version could use chroot(2) where no equivalent to unveil(2)
> exists. A future component which starts new processes will be isolated as
> a separate process, which could run as root in the -portable version.