net/wstunnel: add unveil(2) restrictions
On 24.05.25 at 18:18, Christoph Liebender wrote:
> Hello ports@,
>
> this patch adds unveil restrictions to the server part of net/wstunnel.
> It seems quite straightforward as the only files that are opened are
> specified on the command line. Additionally, the server may use the libc
> resolver, therefore, /etc/{hosts, resolv.conf} are required as well.
> Reason being that either the user has configured the usage of the libc
> resolver, or the server falls back to it... At least that's what the
> code seems to be doing.
>
> I haven't added client restrictions as I'm not using that on OpenBSD
> right now.
>
> Fortunately, there is a crate that makes unveil(2) somewhat comfortable
> to use in Rust, which is an additional dependency now.
>
> Running with bad args gets you:
>
> # wstunnel server ws://0.0.0.0:4444 --restrict-config /asdf/jk.l
>
> thread 'main' panicked at wstunnel-cli/src/main.rs:122:69:
> unveil(/asdf/jk.l, r) failed: No such file or directory (os error 2)
>
> Otherwise, it works fine on my machine. :)
>
> testers, comments, ok?
>
> - Christoph
Pong!
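
The restriction described in the quoted mail, as an added sketch that is not part of the patch or of wstunnel: read-only unveil(2) rules for the files named on the command line plus /etc/hosts and /etc/resolv.conf, with a failed call returned as an error instead of the panic shown above. It declares unveil(2) through FFI rather than using the crate the mail mentions; `unveil_plan`, `apply` and the sample path are hypothetical names for this example.

```rust
use std::io;
use std::path::PathBuf;

/// Read-only rules: each command-line file, then the resolver files, each path once.
pub fn unveil_plan(cli_files: &[PathBuf]) -> Vec<(PathBuf, &'static str)> {
    let resolver = ["/etc/hosts", "/etc/resolv.conf"];
    let mut plan: Vec<(PathBuf, &'static str)> = Vec::new();
    let all = cli_files.iter().cloned().chain(resolver.iter().map(|f| PathBuf::from(*f)));
    for p in all {
        if !plan.iter().any(|(seen, _)| *seen == p) {
            plan.push((p, "r"));
        }
    }
    plan
}

/// Apply the plan, then lock it. Errors are returned rather than unwrapped,
/// so a bad path becomes a normal error exit instead of a panic.
#[cfg(target_os = "openbsd")]
pub fn apply(plan: &[(PathBuf, &'static str)]) -> io::Result<()> {
    use std::{ffi::CString, os::raw::{c_char, c_int}, os::unix::ffi::OsStrExt, ptr};
    extern "C" {
        fn unveil(path: *const c_char, permissions: *const c_char) -> c_int;
    }
    for (path, perms) in plan {
        let p = CString::new(path.as_os_str().as_bytes())?;
        let m = CString::new(*perms)?;
        if unsafe { unveil(p.as_ptr(), m.as_ptr()) } != 0 {
            return Err(io::Error::last_os_error());
        }
    }
    // unveil(NULL, NULL) disallows any further unveil calls.
    match unsafe { unveil(ptr::null(), ptr::null()) } {
        0 => Ok(()),
        _ => Err(io::Error::last_os_error()),
    }
}

/// Assumption of this example: on systems without unveil(2), do nothing.
#[cfg(not(target_os = "openbsd"))]
pub fn apply(_plan: &[(PathBuf, &'static str)]) -> io::Result<()> { Ok(()) }

fn main() {
    // Constructed path standing in for the --restrict-config argument.
    let plan = unveil_plan(&[PathBuf::from("/etc/wstunnel/restrict.yaml")]);
    if let Err(e) = apply(&plan) {
        eprintln!("wstunnel: unveil failed: {}", e);
        std::process::exit(1);
    }
}
```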