G'day,

Noting that there are *strong* reasons why pledge/unveil as a command is
a bad idea, since the programmer is the one who understands what is going
on, which is the problem with the Linux/SELinux/... approach, which is a
complete disaster.

Still we are building a system that needs to interface with semi-trusted
binaries and so I'm still heading towards:

% ./a-pledge-unveil promises execpromises path permissions command ....

Which seems brutal but has a certain elegance noting we cannot change some
of the binaries and do it properly.

Any thoughts/observations would be worthwhile, e.g. you muppet ... what
about... and we'll of course release the tools (and some other ones which
are more interesting) to the community.

I remain Sirs, your Most humble and Obedient Servant.

-- 
Phil Maker <[email protected]>, <[email protected]>
 <https://a-star-microgrid.com>, <https://iesconnect.net>
phone: +61 (0) 439 223 469 TZ +9h30m
ALT: remote email: <[email protected]>
