Theo de Raadt, 30 Mar 2015 18:12: > The most important question of the conversation was: Why did nginx not > accept a diff to add chroot to mainline? All of you, feel free to ask > their developers. Yeah, I know this will come off as political. But > this is a significant and intentional oversight in their software. Like > removing syslog support. Perhaps if you want chroot, you have to pay > extra?
it is a good question. on the other hand i don't know about the efforts of openbsd developers trying to get the patch upstream. perhaps there was considerable effort on private channels, but a quick search on their trac has no results: http://trac.nginx.org/nginx/search?q=chroot and this is the only mail i could find on nginx-devel that "proposes" this feature: http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005799.html but that patch would not have made it into openbsd either. although the lack of any answers is of course disturbing. one could also argue that similarly disturbing is the nginx team's indifference towards an existing bsd licensed patch for this feature (including documentation bits). maybe nobody pinged them again? there have been some good patches that did not make into openbsd either[citation needed] so who should cast the first stone :) (btw. i know it's not the same, but chrooting php-fpm takes care of some of the nasty stuff, and other scripting languages would not benefit directly from nginx's chroot either because nginx is just a proxy for them... but yes, nginx chroot from upstream would be nice) -f -- the word of the day is legs. now spread the word!