Bender 39 minutes ago

> The actual work of porting is matching the security features provided by OpenBSD's pledge(2) and unveil(2). These are critical elements to the functionality of the system. Without them, your system accepts arbitrary data from the public network.

https://justine.lol/pledge/

I am not seeing pledge on Alpine Linux in edge. Have people been testing Pledge on Linux? Did I perhaps misunderstand the risk of using Openrsync without pledge? Or is this article just for OpenBSD users?

e12e 14 minutes ago | parent [-]

From above your quote:

> The only officially-supported operating system is OpenBSD, as this has considerable security features.

And below your quote:

> This is possible (I think?) with FreeBSD's Capsicum, but Linux's security facilities are a mess, and will take an expert hand to properly secure.

It is portable in the sense that it compiles and runs, not in the sense that it has the same security features.

I'd love to see pledge/unveil on (upstream) Linux - but I'm not holding my breath.

Bender 13 minutes ago | parent [-]

Ok that makes more sense, thank you.