diff options
author | Philip Guenther <guenther@cvs.openbsd.org> | 2014-07-14 05:48:19 +0000 |
---|---|---|
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2014-07-14 05:48:19 +0000 |
commit | 9fe0151a5b766dc320283a15e478c1211e508877 (patch) | |
tree | 29f47098e7f76a6bd562a19c717ff66502235319 /etc/systrace | |
parent | 45b78295a24fab009ae459795e302c877c64788b (diff) |
Update for arc4random and syslog changes
Diffstat (limited to 'etc/systrace')
-rw-r--r-- | etc/systrace/usr_sbin_lpd | 6 | ||||
-rw-r--r-- | etc/systrace/usr_sbin_named | 5 |
2 files changed, 8 insertions, 3 deletions
diff --git a/etc/systrace/usr_sbin_lpd b/etc/systrace/usr_sbin_lpd index 95303029e16..bcc2ffc400e 100644 --- a/etc/systrace/usr_sbin_lpd +++ b/etc/systrace/usr_sbin_lpd @@ -1,4 +1,4 @@ -# $OpenBSD: usr_sbin_lpd,v 1.5 2004/05/13 04:50:04 sturm Exp $ +# $OpenBSD: usr_sbin_lpd,v 1.6 2014/07/14 05:48:18 guenther Exp $ # # Policy for lpd. # This policy works for the default configuration of lpd. @@ -51,6 +51,7 @@ Policy: /usr/sbin/lpd, Emulation: native native-ftruncate: permit native-getdirentries: permit native-getegid: permit + native-getentropy: permit native-geteuid: permit native-getpid: permit native-getsockname: permit @@ -60,6 +61,7 @@ Policy: /usr/sbin/lpd, Emulation: native native-kill: permit native-listen: permit native-lseek: permit + native-minherit: permit native-mmap: permit native-mprotect: permit native-mquery: permit @@ -69,6 +71,7 @@ Policy: /usr/sbin/lpd, Emulation: native native-read: permit native-recvfrom: permit native-select: permit + native-sendsyslog: permit native-sendto: permit native-setegid: gid eq "1" then permit native-seteuid: uid eq "0" then permit @@ -84,4 +87,3 @@ Policy: /usr/sbin/lpd, Emulation: native native-umask: permit native-wait4: permit native-write: permit - diff --git a/etc/systrace/usr_sbin_named b/etc/systrace/usr_sbin_named index 2a0c4038207..70257d120de 100644 --- a/etc/systrace/usr_sbin_named +++ b/etc/systrace/usr_sbin_named @@ -1,4 +1,4 @@ -# $OpenBSD: usr_sbin_named,v 1.6 2010/07/23 03:13:51 ray Exp $ +# $OpenBSD: usr_sbin_named,v 1.7 2014/07/14 05:48:18 guenther Exp $ # # Policy for named that uses named user and chroots to /var/named # This policy works for the default configuration of named. @@ -47,6 +47,7 @@ Policy: /usr/sbin/named, Emulation: native native-fswrite: filename eq "/var/run/named.pid" then permit native-fswrite: filename match "/var/tmp/*" then permit native-fsync: permit + native-getentropy: permit native-getpid: permit native-getppid: permit native-getrlimit: permit @@ -59,6 +60,7 @@ Policy: /usr/sbin/named, Emulation: native native-kill: permit native-listen: permit native-lseek: permit + native-minherit: permit native-mmap: permit native-mprotect: permit native-mquery: permit @@ -71,6 +73,7 @@ Policy: /usr/sbin/named, Emulation: native native-rename: filename match "/slave/*" and filename[1] match "/slave/*" then permit native-select: permit native-sendmsg: permit + native-sendsyslog: permit native-sendto: true then permit native-setegid: gid eq "70" then permit native-seteuid: uid eq "70" and uname eq "named" then permit |