Hi, after having discussed it with ratchov@, I think we can remove the audio pledge from firefox's main process pledge string.
It was originally added to support the case of users intentionally disabling sndiod, and getting pledge violations because libsndio would then try to do direct ioctls on the audio device (that's my understanding), but with the unveil config we have right now /dev/audio isn't accessible to the main process, and anyway with the new security model for audio device access one would have to go to extra lengths to make it work (again from my understanding):

- add /dev/audio to unveil paths for main process
- chown the audio device to his user
- and then add the audio pledge class

So at that point, if one doesn't want to run sndiod I think one knows what he's doing and I don't even see the point of documenting that case in the port README.

Without sndiod running, and in the default unveil/pledge config we have right now, /dev/audio is hidden by unveil, and if you unveil it you would get EPERM when trying to access the device, where previously you could open it (and crash if you didn't have the audio pledge).

So the diff below removes the useless audio pledge. What do ppl think about it?

Index: Makefile =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/Makefile,v retrieving revision 1.419 diff -u -r1.419 Makefile --- Makefile 7 Apr 2020 14:10:48 -0000 1.419 +++ Makefile 20 Apr 2020 15:43:27 -0000 @@ -9,6 +9,7 @@ MOZILLA_BRANCH = release MOZILLA_PROJECT = firefox MOZILLA_CODENAME = browser +REVISION = 0 WRKDIST = ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/b[0-9]*//} HOMEPAGE = https://www.mozilla.org/firefox/ Index: files/pledge.main =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/files/pledge.main,v retrieving revision 1.1 diff -u -r1.1 pledge.main --- files/pledge.main 3 Dec 2019 17:00:46 -0000 1.1 +++ files/pledge.main 20 Apr 2020 15:43:27 -0000 @@ -20,5 +20,3 @@ mcast # only needed for WebRTC video -# only needed if not running sndiod(8) -audio
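
Review bot: in the files/pledge.main hunk, the removed `# only needed if not running sndiod(8)` comment was the only in-tree pointer to the no-sndiod setup, and the mail proposes not documenting that case in the port README either. With `audio` gone, someone who unveils /dev/audio and chowns the device but misses the pledge class gets a main-process crash from the pledge violation rather than an error that names the cause, so I would suggest carrying the three steps from the mail (unveil path, chown, re-add `audio`) in the commit message so they stay findable in the CVS log.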