Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

initial pledge(2) on OpenBSD #1803

Merged
merged 1 commit into from
Feb 25, 2024
Merged

initial pledge(2) on OpenBSD #1803

merged 1 commit into from
Feb 25, 2024

Conversation

klemensn
Copy link

Limit the set of system calls shairport-sync is allowed to make, most importantly fork(2)/execve(2) if and only if user defined commands are run.

OpenBSD's official audio/shairport-sync port already ships with this patch.

https://man.openbsd.org/pledge.2

@klemensn
initial pledge(2) on OpenBSD
5cdde02 
Limit the set of system calls shairport-sync is allowed to make,
most importantly fork(2)/execve(2) if and only if user defined commands
are run.

OpenBSD's official audio/shairport-sync port already ships with this
patch.

https://man.openbsd.org/pledge.2
@klemensn
Copy link
Author

Here's what already works and has already been tested by other OpenBSD users.

#if defined(__OpenBSD__) vs. #ifdef COMPILE_FOR_OPENBSD, #ifdef FEATURE / if (config) dances and comments/wording aside, this PR is fit for merge while my idea is to rebase #1801 onto it.

@klemensn klemensn marked this pull request as ready for review February 12, 2024 11:35
@klemensn
Copy link
Author

I've also tested this with AirPlay 2 Support and mikebrady/nqptp#31, i.e. shared memory between the two unprivileged and pledged programs does work and sound is played.

@mikebrady
Copy link
Owner

Thanks again for all this work! I’ll try it out with the (patched) NQPTP.

@klemensn
Copy link
Author

klemensn commented Feb 14, 2024
edited
Loading

Thanks again for all this work! I’ll try it out with the (patched) NQPTP.

If it helps, https://github.com/jasperla/openbsd-wip/tree/master/net/nqptp is a ready-to-use NQPTP port incl. this PR,
so if you're familiar with ports(7) this is all you need

cd .../net/nqptp
make install
rcctl start nqptp

Then tweak https://github.com/openbsd/ports/tree/master/audio/shairport-sync to build with AirPlay 2 and do

cd .../audio/shairport-sync
make install
[follow the readme]
rcctl start shairport-sync

@klemensn
Copy link
Author

Friendly ping.

@mikebrady
Copy link
Owner

Oops — I think I misunderstood, and was leaving the PRs open.

Please let me know what you’d like me to do — accept the two PRs, or what.

Thanks.

@klemensn
Copy link
Author

Oops — I think I misunderstood, and was leaving the PRs open.

Please let me know what you’d like me to do — accept the two PRs, or what.

Thanks.

This PR

Here's what already works and has already been tested by other OpenBSD users.

It is ready for review/merge -- the other remains a draft I can work with later on.

@mikebrady mikebrady merged commit 6561b84 into mikebrady:development Feb 25, 2024
18 checks passed
@mikebrady
Copy link
Owner

Many thanks for this!

@klemensn klemensn deleted the initial-pledge branch February 26, 2024 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@klemensn @mikebrady