Remove outdated OpenBSD/NetBSD systrace.policy

Systrace was removed from OpenBSD and NetBSD, so remove this (old and
outdated?) configuration file from the ./contrib directory.

See <https://en.wikipedia.org/wiki/Systrace>.

Thanks to "michi" for pointing this out on #ngircd!

contrib/MacOSX/ngIRCd.xcodeproj/project.pbxproj

@@ -171,7 +171,6 @@
 		FA322D920CEF7523001761B3 /* ngindent.sh */ = {isa = PBXFileReference; fileEncoding = 5; lastKnownFileType = text.script.sh; path = ngindent.sh; sourceTree = "<group>"; };
 		FA322D940CEF7523001761B3 /* ngircd.spec */ = {isa = PBXFileReference; fileEncoding = 5; lastKnownFileType = text; path = ngircd.spec; sourceTree = "<group>"; };
 		FA322D950CEF7523001761B3 /* README */ = {isa = PBXFileReference; fileEncoding = 5; lastKnownFileType = text; path = README; sourceTree = "<group>"; };
-		FA322D960CEF7523001761B3 /* systrace.policy */ = {isa = PBXFileReference; fileEncoding = 5; lastKnownFileType = text; path = systrace.policy; sourceTree = "<group>"; };
 		FA322D9A0CEF752C001761B3 /* FAQ.txt */ = {isa = PBXFileReference; fileEncoding = 5; lastKnownFileType = text; path = FAQ.txt; sourceTree = "<group>"; };
 		FA322D9B0CEF752C001761B3 /* Makefile.am */ = {isa = PBXFileReference; fileEncoding = 5; lastKnownFileType = text; path = Makefile.am; sourceTree = "<group>"; };
 		FA322D9C0CEF752C001761B3 /* Platforms.txt */ = {isa = PBXFileReference; fileEncoding = 5; lastKnownFileType = text; path = Platforms.txt; sourceTree = "<group>"; };
@@ -484,7 +483,6 @@
 				FA322D940CEF7523001761B3 /* ngircd.spec */,
 				FAA9C8162377186900A04296 /* nglog.sh */,
 				FA4B08E813E7F91C00765BA3 /* platformtest.sh */,
-				FA322D960CEF7523001761B3 /* systrace.policy */,
 			);
 			name = contrib;
 			path = ..;

contrib/Makefile.am

@@ -1,6 +1,6 @@
 #
 # ngIRCd -- The Next Generation IRC Daemon
-# Copyright (c)2001-2019 Alexander Barton (alex@barton.de) and Contributors
+# Copyright (c)2001-2020 Alexander Barton (alex@barton.de) and Contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,8 +21,7 @@ EXTRA_DIST = README \
 	ngircd.socket \
 	ngircd.spec \
 	nglog.sh \
-	platformtest.sh \
+	platformtest.sh
-	systrace.policy
 
 maintainer-clean-local:
 	rm -f Makefile Makefile.in

contrib/README

@@ -2,7 +2,7 @@
                      ngIRCd - Next Generation IRC Server
                            http://ngircd.barton.de/
 
-               (c)2001-2019 Alexander Barton and Contributors.
+               (c)2001-2020 Alexander Barton and Contributors.
                ngIRCd is free software and published under the
                    terms of the GNU General Public License.
 
@@ -44,6 +44,3 @@ nglog.sh
 
 platformtest.sh
  - Build ngIRCd and output a "result line" suitable for doc/Platforms.txt.
-
-systrace.policy
- - Systrace policy file for OpenBSD (and probably NetBSD).

contrib/systrace.policy

@@ -1,77 +0,0 @@
-#
-# Sample systrace policy for ngIRCd on OpenBSD
-# Author: Benjamin Pineau <ben@zouh.org>
-#
-# $Id: systrace.policy,v 1.1 2004/04/28 12:16:59 alex Exp $
-#
-# Tune me, put me in /etc/systrace/usr_local_bin_ngircd and start ngIRCd
-# (with root privileges) as:
-#
-#   systrace -a /usr/local/bin/ngircd
-#
-# I didn't tried this on NetBSD, but it should work as is.
-#
-# On systems with pf, it can be supplemented by strict firewall rules:
-# for a ngircd running as '$ircuser', binding on '$ircport' and accepting
-# 30 connections:
-#
-#   block out log quick proto tcp from any port $ircport to any \
-#    user != $ircuser
-#   pass in inet proto tcp from any to any port $ircport user $ircuser \
-#    keep state (max 30) flags S/SA
-#
-
-Policy: /usr/local/bin/ngircd, Emulation: native
-	native-__sysctl: permit
-	native-fsread: filename eq "/etc/malloc.conf" then permit
-	native-fsread: filename sub "/usr/share/zoneinfo/" then permit
-	native-fsread: filename eq "/usr/local/etc/ngircd.conf" then permit
-	native-fsread: filename eq "/usr/local/etc/ngircd.motd" then permit
-	native-fsread: filename eq "/etc/ngircd.conf" then permit
-	native-fsread: filename eq "/etc/ngircd.motd" then permit
-	native-fsread: filename eq "/etc/spwd.db" then deny[eperm]
-	native-fsread: filename eq "/etc/group" then permit
-	native-fsread: filename eq "/etc/resolv.conf" then permit
-	native-fsread: filename eq "/etc/localtime" then permit
-	native-fsread: filename eq "/etc/hosts" then permit
-	native-fsread: filename sub "<non-existent filename>" then deny[enoent]
-	native-socket: sockdom eq "AF_UNIX" and socktype eq "SOCK_DGRAM" then permit
-	native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_STREAM" then permit
-	native-bind: sockaddr match "inet-*:6667" then permit, if user != root
-	native-connect: sockaddr eq "/dev/log" then permit, if user != root
-	native-connect: sockaddr match "inet-*:53" then permit, if user != root
-	native-setsockopt: permit, if user != root
-	native-listen: permit, if user != root
-	native-accept: permit, if user != root
-	native-sendto: true then permit, if user != root
-	native-recvfrom: permit, if user != root
-	native-read: permit
-	native-pread: permit
-	native-write: permit, if user != root
-	native-mmap: permit
-	native-munmap: permit
-	native-mprotect: permit
-	native-break: permit
-	native-umask: permit
-	native-fork: permit
-	native-setsid: permit
-	native-chdir: permit
-	native-chroot: permit
-	native-setgid: gid neq "0" then permit
-	native-setuid: uid neq "0" and uname neq "root" then permit
-	native-getuid: permit
-	native-getgid: permit
-	native-gettimeofday: permit
-	native-getpid: permit
-	native-select: permit
-	native-fcntl: permit
-	native-fstat: permit
-	native-issetugid: permit
-	native-sigaction: permit
-	native-pipe: permit
-	native-sigreturn: permit
-	native-close: permit
-	native-exit: permit
-	native-fswrite: deny[eperm]
-
-# -eof-