1) Split pledge whitelist path handling out of pledge_namei() and into

   pledge_namei_wlpath(). Call the wlpath check only at the end of namei
   after the namei lookup would otherwise succeed.
2) Add support to namei to keep the path that was looked up, without the
   symlinks in it, and use that path for whitelist path lookups. This
   means that paths in pledge whitelists will need to always be the
   real path to an intended file to whitelist, without symlinks. Any
   symlinks to the "real" file will then be allowed
ok deraadt@ semarie@

0 files changed, 0 insertions, 0 deletions