https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259770
Jamie Gritton <ja...@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
                 CC|                            |ja...@freebsd.org

--- Comment #1 from Jamie Gritton <ja...@freebsd.org> ---
At first glance, it does seem legitimate to allow a directory descriptor limited to CAP_UNLINKAT, and likely enough other similar restrictions, I wonder if that's something we want to carve out. I'll admit that I generally like the idea of daemons jailing themselves into somewhere like /var/empty, and would want to encourage such behavior. And I also see the value in pidfile(3). But the commit in question was made for security reasons, so I'd want to tread very carefully here. For that reason, I've invited the others involved in that commit to have their say on the matter.