config: separate tmp dir for sockets, users

* add $LOGNAME to the tmp directory name, so that tmpdirs of separate users don't conflict * use separate directory for sockets, so that we do not have to give buffers access to all cached pages
author: bptato <nincsnevem662@gmail.com> 2024-05-16 18:35:22 +0200
committer: bptato <nincsnevem662@gmail.com> 2024-05-16 18:58:13 +0200
commit: ed84d7223fd8945705dcedd204fee137b249c524 (patch)
tree: 3539b9ccb5af2de6ad66e6d3362bff83abc1df88 /src/utils
parent: 87a5c636eb203cd066a620129f93c30b02245ad9 (diff)
download: chawan-ed84d7223fd8945705dcedd204fee137b249c524.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/src/utils/sandbox.nim b/src/utils/sandbox.nim
index 130389ab..0d0b5770 100644
--- a/src/utils/sandbox.nim
+++ b/src/utils/sandbox.nim
@@ -7,8 +7,6 @@
 #
 # On FreeBSD, we create a file descriptor to the directory sockets
 # reside in, and then use that for manipulating our sockets.
-#(TODO: currently this is the same directory as the cache directory, which
-# is sub-optimal because rogue buffers could access cached files.)
 #
 # Capsicum does not enable more fine-grained capability control, but
 # in practice the things it does enable should not be enough to harm the
author	bptato <nincsnevem662@gmail.com>	2024-05-16 18:35:22 +0200
committer	bptato <nincsnevem662@gmail.com>	2024-05-16 18:58:13 +0200
commit	ed84d7223fd8945705dcedd204fee137b249c524 (patch)
tree	3539b9ccb5af2de6ad66e6d3362bff83abc1df88 /src/utils
parent	87a5c636eb203cd066a620129f93c30b02245ad9 (diff)
download	chawan-ed84d7223fd8945705dcedd204fee137b249c524.tar.gz