commit - 909ea500a4ccb227e1be09f046499d59f2898143
commit + 42650adec078a7d3e885afbafa1fa4406d4823fb
blob - abb16a5639ae86df38eae1c3f7cc12f969cb72eb
blob + 7329daecfa31542ea1c5939694e172aae46ef26e
--- README.md
+++ README.md
## Building
-gmid depends on a POSIX libc and libtls (provided either by LibreSSL
-or libretls). At build time, flex and yacc (or GNU bison) are also
-needed.
+gmid depends on a POSIX libc, OpenSSL/LibreSSL and libtls (provided
+either by LibreSSL or libretls). At build time, flex and yacc (or GNU
+bison) are also needed.
The build is as simple as
restrictions even in the presence of a sandbox.
On OpenBSD, the listener process runs with the `stdio recvfd rpath
-inet` pledges and has `unveil(2)`ed only the directories that it
-serves; the executor has `stdio sendfd proc exec` as pledges.
+inet` pledges, the executor has `stdio sendfd proc exec` as pledges;
+both have unveiled only the served directories.
On FreeBSD, the executor process is sandboxed with `capsicum(4)`.