Hardcoding so many file paths into the kernel seems inelegant. Otherwise looks quite nice at the first reading.
It will be interesting to see how this compares to FreeBSD’s Capsicum both short term (how fast the uptake) and longer term (security, things added/changed later). I imagine since most things are first party in OpenBSD, short term uptake will be pretty solid.
Capsicum seems more fine grained, but Tame seems like it would be easier to get started using – no requirement here for something like casperd to do name resolution once sandboxed.
Yeah, I’ve got to admit, it seems like it’d be nice to have the userland program specify exactly which files it wants to talk to, so it can be more specific. Then again I think Theo’s very limited range of checkboxes cover 99% of the problem: very very many programs fit very neatly into the operations he’s allowed for.
Still, it’s nice to know even Theo’s diffs aren’t perfect :-)
+// tame(TAME_STDIO | TAME_GETPW | TAME_RPATH);
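Review bot: the added line is a commented-out call, so `tame()` is never actually invoked and the program runs untamed; either enable the call or drop the line rather than leaving dead code in the diff. The `//` comment style is also out of place here, since OpenBSD's style(9) uses `/* */` comments in C sources.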
What does the number in parentheses indicate? i.e. http://linux.die.net/man/1/uptime