Hello. I’m trying to port Collabora Online to the FreeBSD OS. The first problem I met is the following Linux-specific code:
Is my understanding correct that this code checks that the current process has the rights to call “chroot”, “mknod” and change file permissions?
Sure - that’s rather important for our subsequent fork / etc. If FreeBSD doesn’t have capabilities then just having a root process for the forkit would be sufficient.
FreeBSD does have a capabilities framework, I just wondering under what circumstances the process may not have these capabilities? These are pretty common even for unprivileged user.
On linux, the ability to chroot is a security capability, as is creating device nodes, as is changing the ownership of those device nodes, for quite obvious reasons I hope 
creating a new /dev/sda and changing ownership to yourself might allow low-level un-controlled disk access (I speculate)
All right, according to man chroot, this function can be called only by root on FreeBSD. So I’ll make the code check for uid there.
I have another question, which I already asked on IRC, reposting here:
What’s the point in calling getsockopt on listening socket at online/Socket.cpp at master · CollaboraOnline/online · GitHub ?
I presume, the process first creates the socket and then forks under non-privileged user, and this check is to make sure that we are in the forked one? Why not just look at getppid() in this case?
The intention clearly is to check the creds of the accepted child, and not the listening socket =) we could do something via the pid cred, and walk up to the parents - but forkits can die and/or get re-started so - prefer to keep this approach. Will poke the accepted child instead though - good catch =) thanks!
some more recent work is here ⚙ D49636 new port: net/collabora
Okay, technically we have CODE running on FreeBSD utilizing FreeBSD jails. (Only briefly/manually tested)
I see already some FreeBSD specific code in CODE so how would the take be on up-streaming our work/and eventually support CODE for FreeBSD?
BTW Which tag of LibreOffice would be more correct to use. There is co- and cp- prefixes, but for (collaboraoffice/online you only have cp-) Right now I used the co- tag of LibreOffice?
And to the legal stuff. Should we drop all naming schemes including Collabora and the other trade marks named in www.collaboraonline.com/trademark-policy/ ? Or would we be allowed to use the name for the package and in other places? If not can I find a guide to “brand” differently? What else to consider legally? Right now my testing About menu tells me
Collabora Online Develepment Edition
(Unbranded)
COOLWSD version: 25.04.7.1(git hash: e808afa229)
LOKit version: Collabora Office 25.04.7.1(git hash: )
Served by: FreeBSD 14.3-RELEASE-p5
Server ID: 74ef6c16
WOPI host: nextcloud 32.0.1.2 - richdocuments 9.0.1
A Pull request draft is not yet submitted on Github but the WIP is linked below for reference.
Thanks
/Jesper
[https://github.com/jsm222/online/tree/fbsd-support-cp-25.04.7-1\]