FreeBSD support
Closed this issue · 2 comments
Compiling gaol v0.0.1 (https://github.com/servo/gaol#227ff0ba)
error[E0432]: unresolved import `platform::process`
--> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:13:25
|
13 | use platform::process::{self, Process};
| ^^^^ no `process` in `platform`
error[E0432]: unresolved import `platform::process`
--> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:13:15
|
13 | use platform::process::{self, Process};
| ^^^^^^^ Could not find `process` in `platform`
error[E0432]: unresolved import `platform::ChildSandbox`
--> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:22:20
|
22 | pub use platform::{ChildSandbox, Sandbox};
| ^^^^^^^^^^^^ no `ChildSandbox` in `platform`
error[E0432]: unresolved import `platform::Sandbox`
--> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:22:34
|
22 | pub use platform::{ChildSandbox, Sandbox};
| ^^^^^^^ no `Sandbox` in `platform`
error[E0412]: cannot find type `Operation` in module `platform`
--> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/profile.rs:99:32
|
99 | PlatformSpecific(platform::Operation),
| ^^^^^^^^^ not found in `platform`
|
help: possible candidate is found in another module, you can import it into scope
|
13 | use profile::Operation;
|
error[E0599]: no method named `support` found for type `&profile::Operation` in the current scope
--> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/profile.rs:132:29
|
132 | match operation.support() {
| ^^^^^^^
|
= help: items from traits can only be used if the trait is implemented and in scope
= note: the following trait defines an item `support`, perhaps you need to implement it:
candidate #1: `profile::OperationSupport`
error: aborting due to 6 previous errors
error: Could not compile `gaol`.
(I was just writing this in servo/servo#11625 … :D)
Gaol is designed around a syscall filtering model like seccomp/pledge, not an object-capability model like Capsicum. (I made a little crate that's better suited for Capsicum — including the awesome openat trick.)
I can add a Capsicum backend for Gaol that disallows everything :) but Servo would have to pass all the descriptors from a privileged process or open them beforehand.
Looks like the content process sandbox only needs /dev/urandom and a resources directory! So it should be possible to open these things before starting the sandbox, and use the openat crate to open the resources under the directory.
Actually /dev/urandom might not even be necessary. If Servo uses the rand crate (I haven't checked), it uses sysctl kern.arandom :)