Den tors 30 jan. 2020 kl 21:08 skrev Patrick Kristiansen < patr...@tamstrup.dk>:
> > Properly starting up a daemon process requires several steps, often > > involving unveil(2), pledge(2), chroot(2), prviledge dropping, > > sometimes fork+exec for privilege separation, and so on > > The process I need to run is written in Clojure and thus runs on the > Java Virtual Machine. Do you have any suggestions on how to best go > about making it "daemon-like"? I am not sure that I can call unveil(2), > pledge(2) and chroot(2) from Clojure without some strange sorcery. So not related to only Clojure but rather on runtimes that are large and unwieldy, this seems to be exactly why plegde() and unveil() came into being in the first place, after seeing things that needs to do certain privileged operations at some early point, but because of design/runtime/hard-to-pledge or whatever has to run with the sum of all privileges, all capabilities at all times and at the same time being exposed to potential hostile data. I can fully see why Ingo would say "I would not run things like that exposed", partly because I figure he actually has a choice to not do it, but regardless of what electric fences you like (Selinux, capsicum, pledge/unveil, chroots) if you create a huge monolith running in an environment which actively prevents you from activating any kinds of protections, then I can see how you would see some friction. -- May the most significant bit of your life be positive.
