authorPhilip Guenther <guenther@cvs.openbsd.org>2014-07-14 05:48:19 +0000
committerPhilip Guenther <guenther@cvs.openbsd.org>2014-07-14 05:48:19 +0000
commit9fe0151a5b766dc320283a15e478c1211e508877 (patch)
tree29f47098e7f76a6bd562a19c717ff66502235319 /etc/systrace
parent45b78295a24fab009ae459795e302c877c64788b (diff)
Update for arc4random and syslog changes
Diffstat (limited to 'etc/systrace')
-rw-r--r--etc/systrace/usr_sbin_lpd6
-rw-r--r--etc/systrace/usr_sbin_named5
2 files changed, 8 insertions, 3 deletions
diff --git a/etc/systrace/usr_sbin_lpd b/etc/systrace/usr_sbin_lpd
index 95303029e16..bcc2ffc400e 100644
--- a/etc/systrace/usr_sbin_lpd
+++ b/etc/systrace/usr_sbin_lpd
@@ -1,4 +1,4 @@
-# $OpenBSD: usr_sbin_lpd,v 1.5 2004/05/13 04:50:04 sturm Exp $
+# $OpenBSD: usr_sbin_lpd,v 1.6 2014/07/14 05:48:18 guenther Exp $
#
# Policy for lpd.
# This policy works for the default configuration of lpd.
@@ -51,6 +51,7 @@ Policy: /usr/sbin/lpd, Emulation: native
native-ftruncate: permit
native-getdirentries: permit
native-getegid: permit
+ native-getentropy: permit
native-geteuid: permit
native-getpid: permit
native-getsockname: permit
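Review bot: The new `native-getentropy: permit` rule has no rationale in the policy file. The same is true of `native-minherit: permit` and `native-sendsyslog: permit` in the two following hunks, and of the three matching hunks in usr_sbin_named. The commit message links them to the arc4random and syslog changes, but someone auditing the policy later sees only three more unconditional permits. A short header comment would keep that link in the file, for example `# getentropy, minherit: used by arc4random; sendsyslog: used by syslog`, assuming that mapping is what the commit message means.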
@@ -60,6 +61,7 @@ Policy: /usr/sbin/lpd, Emulation: native
native-kill: permit
native-listen: permit
native-lseek: permit
+ native-minherit: permit
native-mmap: permit
native-mprotect: permit
native-mquery: permit
@@ -69,6 +71,7 @@ Policy: /usr/sbin/lpd, Emulation: native
native-read: permit
native-recvfrom: permit
native-select: permit
+ native-sendsyslog: permit
native-sendto: permit
native-setegid: gid eq "1" then permit
native-seteuid: uid eq "0" then permit
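Review bot: Adding `native-sendsyslog: permit` leaves the unconditional `native-sendto: permit` on the next line untouched, and the hunk does not show whether that rule existed only for the old syslog socket path. If it did, it could be dropped or narrowed once logging goes through sendsyslog, so that the policy does not keep a broader permit than lpd needs. The same check applies to any connect rule for the log socket elsewhere in the file, which is outside this hunk. In usr_sbin_named the matching hunk keeps `native-sendto: true then permit`, which named presumably still needs for its own traffic, so only a syslog-specific rule would be a candidate there.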
@@ -84,4 +87,3 @@ Policy: /usr/sbin/lpd, Emulation: native
native-umask: permit
native-wait4: permit
native-write: permit
-
diff --git a/etc/systrace/usr_sbin_named b/etc/systrace/usr_sbin_named
index 2a0c4038207..70257d120de 100644
--- a/etc/systrace/usr_sbin_named
+++ b/etc/systrace/usr_sbin_named
@@ -1,4 +1,4 @@
-# $OpenBSD: usr_sbin_named,v 1.6 2010/07/23 03:13:51 ray Exp $
+# $OpenBSD: usr_sbin_named,v 1.7 2014/07/14 05:48:18 guenther Exp $
#
# Policy for named that uses named user and chroots to /var/named
# This policy works for the default configuration of named.
@@ -47,6 +47,7 @@ Policy: /usr/sbin/named, Emulation: native
native-fswrite: filename eq "/var/run/named.pid" then permit
native-fswrite: filename match "/var/tmp/*" then permit
native-fsync: permit
+ native-getentropy: permit
native-getpid: permit
native-getppid: permit
native-getrlimit: permit
@@ -59,6 +60,7 @@ Policy: /usr/sbin/named, Emulation: native
native-kill: permit
native-listen: permit
native-lseek: permit
+ native-minherit: permit
native-mmap: permit
native-mprotect: permit
native-mquery: permit
@@ -71,6 +73,7 @@ Policy: /usr/sbin/named, Emulation: native
native-rename: filename match "/slave/*" and filename[1] match "/slave/*" then permit
native-select: permit
native-sendmsg: permit
+ native-sendsyslog: permit
native-sendto: true then permit
native-setegid: gid eq "70" then permit
native-seteuid: uid eq "70" and uname eq "named" then permit