Skip to content

Commit

Permalink
limitations
Browse files Browse the repository at this point in the history
  • Loading branch information
@tvlooy
tvlooy committed Dec 12, 2016
1 parent a9dda41 commit ea5128d
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,3 +50,25 @@ All promises are documented in [the OpenBSD pledge(2) manual page](http://man.op

If the PHP ```pledge()``` call fails, it will throw a ```\PledgeException```.

## Limitations

If you are running the php interactive shell with ```php -a``` you need these promises:

```
pledge('rpath wpath cpath tty ioctl stdio');
```

If you want to pledge Drupal8 or Symfony2 running on FPM, you need at least:

```
pledge('rpath wpath cpath inet dns flock fattr stdio');
```

So, preventing filesystem or network access seems impossible.

Just to serve a ```phpinfo()``` or "hello world" from FPM you need:

```
pledge('rpath flock inet stdio');
```

0 comments on commit ea5128d

Please sign in to comment.