| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | sandbox: add OpenBSD pledge/unveil support | bptato | 2024-04-03 | 1 | -0/+6 |
| pledge is a bit more fine-grained than Capsicum's capability mode, so the buffer & http ("network") sandboxes are now split up into two parts. I applied the same hack as in FreeBSD for overriding the buffer selector kqueue, because a) I didn't want to request sysctl promise b) I'm not sure if it would even work and c) if it breaks on OpenBSD, then it's broken on FreeBSD too, so there's a greater chance of discovering the bug. | |||||