Pledge tightening #39
Conversation
Allows to drop the "unix" pledge promise.
|
Merged! I'm gonna bump the version to sync with the changes. |
|
Thanks! Actually, hum, I have to apologize for sending the pr too soon. It seems that "sometimes" xnotify ends up re-opening the fonts (I'm not too into fonconfig but I guess that it may need to open other fonts at runtime) so the "rpath" pledge promise needs to be kept. i.e. the last commit should be reverted (the one adding the second pledge call.) I'm sorry but I couldn't hit that in a couple of hours of usage, but it happened right now. In the end, "stdio rpath" is still a very good (and strict) pledge policy, so not big loss :) |
|
Yeah, it has a fallback font system, in the case the font you configured has not the character being drawn (useful for CJK glyphs). So font files can be open after initialization. |
|
Thanks for reverting the commit and tagging a newer release and sorry again for the troubles! (fwiw i think that I was fine until it tried to display a notification with an emoji that triggered the loading of another font and thus the pledge violation.) |
np :) |
|
I had to remove pledge. |
Hello,
This tightens pledge(2) usage on OpenBSD. First, it drops the "unix" promise by calling pledge after XOpenDisplay and then, when the initalization is done, drops "rpath" too. This greatly reduces the number of syscalls that remains available to the program during its main loop, without breaking it of course. I'm testing it with tiramisu on OpenBSD and seems to work just fine.