boustrophedon / extrasafe

Make your code extra-safe by voluntarily dropping privileges
MIT License

Documentation suggestion: applicability for subprocesses #40

Closed emarsden closed 6 months ago

emarsden commented 6 months ago

Thanks for this library.

I'm not familiar with the details of the different security APIs used by extrasafe. I believe (but am not certain) that they apply to forked subprocesses, which seems like it might be useful when running ffmpeg for instance. The documentation refers to "your code"; it might be useful to mention applicability for forked processes more explicitly.

boustrophedon commented 6 months ago

Hi! That's a good point. Seccomp, landlock, and namespaces all apply to forked threads and processes - that should probably be mentioned somewhere at the top of the user guide or in the readme.
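The inheritance described in the reply above, as an added example that is not part of the thread and does not use extrasafe's own API: it installs a raw seccomp filter with `prctl(2)` and checks that a process forked afterwards is still bound by it. It assumes Linux with seccomp filter support; the function names and the choice of `getppid` as the blocked syscall are made up for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Demo filter: getppid(2) fails with EPERM, all else allowed (no arch check). */
static int deny_getppid(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Returns 1 if a child forked after the filter was installed is also blocked,
 * 0 if the child escaped the filter, -1 if seccomp could not be set up here. */
int child_inherits_filter(void) {
    int status;
    pid_t sandbox = fork();          /* keep the calling process unfiltered */
    if (sandbox < 0) return -1;
    if (sandbox == 0) {
        if (deny_getppid() != 0) _exit(2);
        pid_t child = fork();        /* forked after the filter is in place */
        if (child < 0) _exit(2);
        if (child == 0) {
            long r = syscall(SYS_getppid);   /* the child installed nothing itself */
            _exit(r == -1 && errno == EPERM ? 1 : 0);
        }
        if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status)) _exit(2);
        _exit(WEXITSTATUS(status));
    }
    if (waitpid(sandbox, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void) {
    printf("child inherits filter: %d\n", child_inherits_filter());
    return 0;
}
```

A seccomp filter is also preserved across `execve(2)`, which is the case that matters when the forked child goes on to run an external program such as ffmpeg.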

boustrophedon commented 6 months ago

I added an update in the user guide and added a second link to the user guide at the top of the readme!