new port: net/collabora
Needs Review · Public

Authored by jsm on Apr 2 2025, 4:12 PM.
Details

Reviewers
None
Group Reviewers
Contributor Reviewers (ports)
Summary

new port: net/collabora

Test Plan

CollaboraOnline fork of LibreOfficeOnline which enables you to use
LibreOffice integrated in, for instance, Nextcloud Office

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

jsm requested review of this revision. Apr 2 2025, 4:12 PM
jsm created this revision.

For now the node-modules-cp-online-24.04.13-2.tar.gz is only at https://people.freebsd.org/~jsm/node-modules-cp-online-24.04.13-2.tar.gz (not copied to distfiles). The changes to the LibreOffice Makefile are only the postinstall part. The broken API part is an old part ig...

Last time I tried to port it in https://reviews.freebsd.org/D34051 the main obstacle was that COOL uses various Linux-specific features to jail its processes. I reached the stage when it runs, but in an "insecure" mode, which isn't ready for production. To properly port this software a lot of upstream work was required.

Did something change in that regard, or did you just take sources from GitHub and wrap them into a port?

Yes, I noted as well the highly Linux-specific security model. I use the setuid bit for coolmount with upstream's username check, and chroot by a normal user with security.bsd.unprivileged_chroot = 1. So everything runs as a normal user except for the null_mounts (wrapped in coolmount). I did unfortunately not know of your prior work...
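
The unprivileged chroot mentioned in the comment above, as an added C example that is not code from the port under review or from Collabora Online: on FreeBSD a non-root chroot(2) needs the `security.bsd.unprivileged_chroot` sysctl to be enabled and the calling process to have set the no-new-privileges flag first. The function name `enter_unprivileged_chroot` and the `/var/empty` default are assumptions made for the example; on non-FreeBSD systems the function returns -ENOSYS.

```c
/* Added illustration: confine the calling process with chroot(2) as a normal user. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/procctl.h>
#include <sys/sysctl.h>
#endif

/* Hypothetical helper: returns 0 once the process is confined to dir, else -errno. */
int enter_unprivileged_chroot(const char *dir)
{
#ifdef __FreeBSD__
    int enabled = 0;
    size_t len = sizeof(enabled);

    /* The administrator must have switched on the knob named in the thread. */
    if (sysctlbyname("security.bsd.unprivileged_chroot", &enabled, &len, NULL, 0) != 0)
        return -errno;
    if (!enabled)
        return -EPERM;

    /* One-way switch: set-user-ID and set-group-ID bits are ignored on later
     * execs. The kernel requires this before it allows a non-root chroot(2),
     * and the flag stays set even if the chroot below fails. */
    int arg = PROC_NO_NEW_PRIVS_ENABLE;
    if (procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_CTL, &arg) != 0)
        return -errno;

    if (chroot(dir) != 0)
        return -errno;
    /* Move the working directory inside the new root so it no longer
     * refers to the old tree. */
    if (chdir("/") != 0)
        return -errno;
    return 0;
#else
    (void)dir;          /* No equivalent sysctl/procctl pair outside FreeBSD. */
    return -ENOSYS;
#endif
}

int main(int argc, char **argv)
{
    int rc = enter_unprivileged_chroot(argc > 1 ? argv[1] : "/var/empty");
    printf("enter_unprivileged_chroot: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```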

I think the proper way to port this software would be to approach upstream and merge our patches there, then wait for a new release.

As for the jailing approach - I was thinking of utilizing the jail(2) call directly to lock down COOL worker processes. This of course would require going a completely different code path for jail creation.