On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote:
> Since Go has support for pledge and unveil, I was thinking about
> "imitating" the setup for httpd.
>
> I basically need to run a Go webserver with access to MariaDB,
> but would like to chroot the Go webserver.
>
> I was thinking that since Go by default doesn't run a webserver on
> port 80 or 443, I would just spawn as www user on some higher
> port and then use PF to redirect.

The age-old practice of dropping privileges just works. I assume Go has bindings for setuid() and friends.
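
The privilege drop described in the reply, as an added example that is not part of the original thread: bind the low port as root, chroot, then switch to the unprivileged account using Go's standard `syscall` package. The web root `/var/www` and uid/gid 67 for the www account are assumptions, as is the helper name `dropPrivileges`.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"syscall"
)

// dropPrivileges chroots into dir, then permanently switches to uid/gid.
// chroot and the group changes need root, so setuid comes last.
func dropPrivileges(dir string, uid, gid int) error {
	if uid == 0 || gid == 0 {
		return errors.New("refusing to drop to uid/gid 0")
	}
	steps := []struct {
		name string
		run  func() error
	}{
		{"chroot", func() error { return syscall.Chroot(dir) }},
		{"chdir", func() error { return os.Chdir("/") }},
		{"setgroups", func() error { return syscall.Setgroups([]int{gid}) }},
		{"setgid", func() error { return syscall.Setgid(gid) }},
		{"setuid", func() error { return syscall.Setuid(uid) }},
	}
	for _, s := range steps {
		if err := s.run(); err != nil {
			return fmt.Errorf("%s: %w", s.name, err)
		}
	}
	if syscall.Setuid(0) == nil { // regaining root must fail after the drop
		return errors.New("privileges were not dropped permanently")
	}
	return nil
}

func main() {
	ln, err := net.Listen("tcp", ":80") // bind the low port while still root
	if err != nil {
		log.Fatal(err)
	}
	// Assumed values: web root /var/www and uid/gid 67 for the www account.
	if err := dropPrivileges("/var/www", 67, 67); err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.Serve(ln, http.FileServer(http.Dir("/"))))
}
```

After the chroot, paths outside the new root, such as a database unix socket, are no longer reachable, so the MariaDB connection has to go over TCP or through a socket placed inside the chroot.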