Personally, I can't totally figure out what this policy would be. My current best approximation is: there's a period of time when pkg_add and syspatch are running and that is a time when writes are allowed, other than that, not.
I could maybe rig up something more complicated using inherited cryptographic tokens, but the potential special cases wind up with approximately the same effect.

--
Raul

On Tue, Jun 26, 2018 at 2:45 PM sven falempin <sven.falem...@gmail.com> wrote:
>
> Hello,
>
> As a user I come across one use case
> where I'm thinking: I do not want any program/exec
> to modify base or local base (/usr and /bin /bsd etc.)
> except syspatch and pkg_add -u.
>
> Please stop and tell if it does not make sense.
>
> I did look at pledge(2) and mount, as pledge may force rdonly
> and mount as wxallowed.
>
> I did not really find a clever way to enforce pkg_add and syspatch
> to be the only binaries to actually write in usr/local and base 'stuff'.
>
> Because mount can have multiple devices on one path I was tricked to think
> it would be fun to mount one device in multiple places (rdonly) and one
> time rw.
> Which would somewhat allow to chroot to a writable system before running
> syspatch.
>
> Another way would be to force every program to be pledge rdonly by default on
> non /var /tmp paths and then force some kind of flag to allow writing in specific paths.
> Like wxallowed, but pledgewrite, then the binary would call pledge() and
> gain write access.
>
> Maybe a bit too complex and strange.
>
> If you read that far, thank you, can you think of a clever way to enforce
> this policy without heavily modifying the base?
>
> Best.
>
> --
> --
> ---------------------------------------------------------------------------------------------------------------------
> Knowing is not enough; we must apply. Willing is not enough; we must do
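The approximation Raul describes (writes to base are allowed only while pkg_add or syspatch is running, otherwise not) can be implemented without touching the base system at all, using the mount(8) flags the thread already mentions. The script below is an added example written for this page, not code from either poster or from the OpenBSD project. It assumes /usr and /usr/local are separate filesystems listed in fstab with the rdonly option, and that the wrapper is run as root; the `MOUNT_CMD` variable, the `FS_LIST` value and the function names are all this example's own choices. The limit of the approach is the one Raul points at: any other process that happens to run during the write window can write too, so this narrows the window rather than the set of writers.

```shell
#!/bin/sh
# Added example: keep /usr and /usr/local read-only and remount them
# read-write only for the duration of a pkg_add or syspatch run.
# Assumption: both are separate filesystems, mounted rdonly from fstab.
# MOUNT_CMD can be pointed at a stub for a dry run; the default is mount(8).

: "${MOUNT_CMD:=mount}"
FS_LIST="/usr /usr/local"   # assumption: the filesystems to toggle

# remount <-r|-w>: OpenBSD mount -u updates an existing mount;
# -r makes it read-only, -w read-write.
remount() {
    mode=$1
    for fs in $FS_LIST; do
        "$MOUNT_CMD" -u "$mode" "$fs" || return 1
    done
    return 0
}

# allowed_tool <name>: the only two commands the policy lets write to base.
allowed_tool() {
    case "$1" in
        pkg_add|syspatch) return 0 ;;
        *) return 1 ;;
    esac
}

# with_rw <tool> [args...]: open the write window, run the tool, and close
# the window again even when the tool fails.
# Returns the tool's exit status, 2 if the tool is refused, 1 if the
# read-write remount failed.
with_rw() {
    [ -n "$1" ] || return 2
    tool=$1; shift
    if ! allowed_tool "$tool"; then
        echo "refusing: $tool is not pkg_add or syspatch" >&2
        return 2
    fi
    remount -w || return 1
    "$tool" "$@"
    rc=$?
    remount -r || echo "warning: failed to remount read-only" >&2
    return $rc
}

# Usage: doas ./rwwrap.sh syspatch      or      doas ./rwwrap.sh pkg_add -u
if [ $# -gt 0 ]; then
    with_rw "$@"
    exit $?
fi
```

Pointing `MOUNT_CMD` at a shell function that only records its arguments lets the sequencing (rw before the tool, ro after it, including on failure) be checked on a machine where remounting is not an option.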