On Tue, Dec 10, 2019 at 02:39:20PM +0000, Stuart Henderson wrote:
> On 2019/12/10 13:57, Reyk Floeter wrote:
> > +# U2F/FIDO keys
> > +/dev/uhid0 rw
> > +/dev/uhid1 rw
> > +/dev/uhid2 rw
> > +/dev/uhid3 rw
> > +/dev/uhid4 rw
> > +/dev/uhid5 rw
> > +/dev/uhid6 rw
> > +/dev/uhid7 rw
> > +/dev/uhid8 rw
> > +/dev/uhid9 rw
>
> BTW there are several entries in dmesglog with uhid18 (Microsoft Surface
> Type Cover) and one with uhid40 (headset + docking station + others).
> The 40 seems excessive but it might be worth going up to, say, 20.
> (Alternatively it could be dropped to 7 to align with the number of
> device nodes created by MAKEDEV by default ..)
>
I feared that, OK. Let's go for 20 in this case?

My authenticator-rs code initially scanned the /dev directory for uhid devices but I changed it to probe the first 100 uhid devices to work under unveil(2) (I didn't want to make /dev rx and there's no unveil(2) way to "read the directory contents without allowing access to its files").

> > +This currently only works with pledge.main = disable.
>
> Another option would be to do this, and remove some lines from the
> pkg-readme...
>

Hehe, good point and I wouldn't mind. But even if pledge(2) is enabled with all of its classes, it still limits ioctls and the scope of other syscalls. I don't know, what do people think about this?

Reyk

> diff -u -p -r1.1 pledge.main
> --- pledge.main 3 Dec 2019 17:00:46 -0000 1.1
> +++ pledge.main 10 Dec 2019 14:26:25 -0000
> @@ -1,24 +1 @@
> +disable
> -stdio
> -rpath
> -wpath
> -cpath
> -inet
> -proc
> -exec
> -prot_exec
> -flock
> -ps
> -sendfd
> -recvfd
> -dns
> -vminfo
> -tty
> -drm
> -unix
> -fattr
> -getpw
> -mcast
> -# only needed for WebRTC
> -video
> -# only needed if not running sndiod(8)
> -audio
>
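
Review bot: in the quoted hunk that adds the `# U2F/FIDO keys` entries, the list ends at `+/dev/uhid9 rw`, while the thread reports machines whose uhid units reach 18 and 40, so a key that attaches above unit 9 on such a machine would not be covered. Extend the range (20 was proposed in the thread) and say in the `# U2F/FIDO keys` comment that this is a deliberately fixed range and what its upper bound is, so the limit is documented where it is enforced.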
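
Review bot: the pledge.main hunk replaces all 22 promises with a bare `+disable` and gives no reason in the file. It also deletes the two comments that documented why `video` and `audio` were listed (`# only needed for WebRTC`, `# only needed if not running sndiod(8)`). As the reply notes, pledge(2) with every class enabled still limits ioctls and the scope of other syscalls, so turning it off removes that restriction for every user, not only those with a U2F key. Consider keeping the promise list as the default and describing `disable` in the pkg-readme as the opt-in for U2F, or at minimum add a `#` comment above `disable` stating why it is needed.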
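
The two discovery approaches mentioned in the message above, as an added Rust example (not authenticator-rs code and not part of the original thread): `scan_uhid` lists a directory, `probe_uhid` opens a fixed range of `uhidN` paths instead. The function names, `ProbeResult` and the temporary directory standing in for /dev are assumptions made for the demo.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, ErrorKind};
use std::path::Path;

/// Directory scan: needs read access to `dir` itself, not just to single nodes.
pub fn scan_uhid(dir: &Path) -> io::Result<Vec<u32>> {
    let mut units = Vec::new();
    for entry in fs::read_dir(dir)? {
        let name = entry?.file_name().to_string_lossy().into_owned();
        match name.strip_prefix("uhid") {
            Some(n) if n.bytes().all(|b| b.is_ascii_digit()) => units.extend(n.parse::<u32>().ok()),
            _ => {}
        }
    }
    units.sort_unstable();
    Ok(units)
}

#[derive(Debug, Default, PartialEq)]
pub struct ProbeResult {
    pub opened: Vec<u32>, // nodes that could be opened read-write
    pub denied: Vec<u32>, // nodes that are visible but refused the open
}

/// Fixed-range probe: opens `<dir>/uhid0` .. `<dir>/uhid{count-1}` directly, no listing.
pub fn probe_uhid(dir: &Path, count: u32) -> ProbeResult {
    let mut res = ProbeResult::default();
    for unit in 0..count {
        let path = dir.join(format!("uhid{}", unit));
        match OpenOptions::new().read(true).write(true).open(&path) {
            Ok(_) => res.opened.push(unit),
            Err(e) if e.kind() == ErrorKind::PermissionDenied => res.denied.push(unit),
            Err(_) => {} // absent, not attached, or not exposed to this process
        }
    }
    res
}

fn main() -> io::Result<()> {
    // Constructed stand-in for /dev: units 3, 18 and 40 exist.
    let dir = std::env::temp_dir().join(format!("uhid-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    for unit in [3, 18, 40] {
        fs::write(dir.join(format!("uhid{}", unit)), b"")?;
    }
    println!("scan:  {:?}", scan_uhid(&dir)?);
    println!("probe: {:?}", probe_uhid(&dir, 20).opened);
    fs::remove_dir_all(&dir)
}
```

With the constructed nodes 3, 18 and 40, a range of 10 finds only unit 3 and a range of 20 also finds unit 18; unit 40 needs a wider range or the directory scan.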