yggdrasil-go

mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-02-12 09:51:50 +00:00

History

Klemens Nanni 2d587740c1 genkeys, yggdrasilctl: Use pledge(2) on OpenBSD (#1193 ) Restrict system operations of CLI tools with https://man.openbsd.org/pledge.2. https://pkg.go.dev/suah.dev/protect abstracts the OS specific code, i.e. is a NOOP on non-OpenBSD systems. This PR is to gauge upstream interest in this direction; my OpenBSD port of yggdrasil already pledges the daemon, resulting in minimal runtime privileges, but there are still a few rough edges: https://github.com/jasperla/openbsd-wip/blob/master/net/yggdrasil/patches/patch-cmd_yggdrasil_main_go#L80 --------- Co-authored-by: Neil <git@neilalexander.dev>	2024-12-12 18:48:24 +00:00
..
cmd_line_env.go	zap obsolete nonexistent command from usage (#1184 )	2024-10-17 13:22:22 +01:00
main.go	genkeys, yggdrasilctl: Use pledge(2) on OpenBSD (#1193 )	2024-12-12 18:48:24 +00:00

genkeys, yggdrasilctl: Use pledge(2) on OpenBSD (#1193 )

Restrict system operations of CLI tools with
https://man.openbsd.org/pledge.2.

https://pkg.go.dev/suah.dev/protect abstracts the OS specific code, i.e.
is a NOOP on non-OpenBSD systems.

This PR is to gauge upstream interest in this direction; my OpenBSD port
of yggdrasil already pledges the daemon,
resulting in minimal runtime privileges, but there are still a few rough
edges:

https://github.com/jasperla/openbsd-wip/blob/master/net/yggdrasil/patches/patch-cmd_yggdrasil_main_go#L80

---------

Co-authored-by: Neil <git@neilalexander.dev>

2024-12-12 18:48:24 +00:00

cmd_line_env.go

zap obsolete nonexistent command from usage (#1184 )

2024-10-17 13:22:22 +01:00

main.go

genkeys, yggdrasilctl: Use pledge(2) on OpenBSD (#1193 )

2024-12-12 18:48:24 +00:00