switch to getcwd

author: Omar Polo <op@omarpolo.com> 2021-01-17 09:33:45 +0000
committer: Omar Polo <op@omarpolo.com> 2021-01-17 09:33:45 +0000
commit: d939d0f09e44d8bee3fd8f1519deddeb20b804ef (patch)
tree: f8110e7f5d3d0313cf127238ed811d0f4cc254ca /README.md
parent: 881dc835d05029b30bcb7dd229d2a0583fa6e360 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/README.md b/README.md
index 334315b..4cbaa86 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,9 @@ even if the presence of a sandbox.
 
 On OpenBSD, the listener process runs with the `stdio recvfd rpath
 inet` pledges and has `unveil(2)`ed only the directories that it
-serves; the executor has `stdio sendfd proc exec` as pledges.
+serves. Furthermore, the executor process has `stdio sendfd proc exec`
+as pledges.
 
-On FreeBSD, the executor process is sandboxed with `capsicum(4)`.
+On FreeBSD, the listener process is sandboxed with `capsicum(4)`.
+
+On linux, a seccomp filter is installed for the listener process.
author	Omar Polo <op@omarpolo.com>	2021-01-17 09:33:45 +0000
committer	Omar Polo <op@omarpolo.com>	2021-01-17 09:33:45 +0000
commit	d939d0f09e44d8bee3fd8f1519deddeb20b804ef (patch)
tree	f8110e7f5d3d0313cf127238ed811d0f4cc254ca /README.md
parent	881dc835d05029b30bcb7dd229d2a0583fa6e360 (diff)