Comment by e12e
1 day ago
From above your quote:
> The only officially-supported operating system is OpenBSD, as this has considerable security features.
And below your quote:
> This is possible (I think?) with FreeBSD's Capsicum, but Linux's security facilities are a mess, and will take an expert hand to properly secure.
It is portable in the sense that it compiles and runs, not in the sense that it has the same security features.
I'd love to see pledge/unveil on (upstream) Linux - but I'm not holding my breath.
> I'd love to see pledge/unveil on (upstream) Linux - but I'm not holding my breath
There is Landlock now, I believe it would be possible to implement unveil and pledge on top of that.
Apparently someone tried wrapping landlock in unveil:
https://clehaxze.tw/gemlog/2022/04-02-landlock-unveil-experi...
https://github.com/marty1885/landlock-unveil
... And looks like cosmopolitan libc wraps landlock for unveil, in addition to implementing pledge.
One of HN's favorite hackers has done that: https://news.ycombinator.com/item?id=32096801
> favorite
Interesting choice of word
Ok that makes more sense, thank you.