Tree
- Tree:
8d421a92a2f2c132ae1489272db6971e613a40c2
- Date:
- Message:
- use capsicum on FreeBSD Thanks to the design of Got, the libexec helpers don't need any resource (in fact they run under pledge "stdio recvfd" on OpenBSD) and so using cap_enter(2) on FreeBSD is dead-easy. While the main process can't be sandboxed on FreeBSD (needs to exec the helpers), all the tough work is done by these small libexec helpers which is also the biggest attack surface. tested by naddy, ok thomas
Makefile.am | commits | blame |
got-read-gitconfig.c | commits | blame |