Thanks, fixed.
On 2023/11/20 22:06, Alexander Bluhm wrote:
> This breaks iperf3 in my setup.
>
> root@ot50:.../~# iperf3 -sD
> Abort trap (core dumped)
>
> iperf3[72726]: pledge "proc", syscall 2
>
> Program terminated with signal SIGABRT, Aborted.
> #0 _thread_sys_fork () at /tmp/-:2
> 2 /tmp/-: No such file or directory.
> (gdb) bt
> #0 _thread_sys_fork () at /tmp/-:2
> #1 0x6b01f3ff9bf18acf in ?? ()
> #2 0x000004b673981f86 in daemon (nochdir=0, noclose=0)
> at /usr/src/lib/libc/gen/daemon.c:41
> #3 0x000004b3c8078629 in ?? ()
> #4 0x000004b3c8078423 in ?? ()
> #5 0x000004b3c8078131 in ?? ()
> #6 0x0000000000000000 in ?? ()
>
> Pledge should be done after initialization, but before running phase.
> Call it after daemon(3).
>
> bluhm
>
> On Sat, Oct 21, 2023 at 07:28:06PM +0100, Stuart Henderson wrote:
> > ...also as was as syscalls, socket options could do with checking over too.
> >
> > If everything is in order then there's not much point adding a configure
> > flag really, just check for pledge
> >
> > --
> > Sent from a phone, apologies for poor formatting.
> >
> > On 21 October 2023 19:01:33 Stuart Henderson <s...@spacehopper.org> wrote:
> >
> > > It hasn't been properly reviewed to check if there are any syscalls which
> > > aren't covered by the pledge. I found the diskfile one which you missed,
> > > but haven't checked over nm output to look for more.
> > >
> > > --
> > > Sent from a phone, apologies for poor formatting.
> > >
> > > On 21 October 2023 18:57:55 Mikhail <mp39...@gmail.com> wrote:
> > >
> > >> On Sat, Oct 21, 2023 at 06:38:57PM +0100, Stuart Henderson wrote:
> > >>> Err, sending that upstream is a bit premature.
> > >>
> > >> Reasons? It works fine in my testing, also it's enabled only with
> > >> --enable-openbsd-sandbox, so if something arise it's very easy for the
> > >> users to check without this code. And during review the devs can point
> > >> to improvements.
> > >>
> > >> I can close the PR, it's not a problem.
>
