diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-07-08 06:14:55 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-07-08 06:14:55 +0000 |
| commit | 5e006c78b08ceb835fdb47a2419e2cfe0fcd9490 (patch) | |
| tree | a82df04f76ee7e54ef22f80c8b474ea0a825bac8 /usr.sbin/npppd/common/ipsec_util_local.h | |
| parent | daeab2e3f1bf3c98a7e53bb97ad37c5f2c46d656 (diff) | |
Improved npppd privileged separations:
- Changed finalizing way to the privileged process. In old way, the
privileged process could not aware abnormal exit of the process in
jail. Then the processes in jail remained as zombies. Created a
pipe to monitor the privileged process, the privileged process can
exit in peace by using the pipe.
- npppd will exit abnormally when the privileged process exits
abnormally.
- PF_KEY socket requires privileges.
- Return correct "errno" to the jail in priv_open().
- Cleanup.
ok hsuenaga@
Diffstat (limited to 'usr.sbin/npppd/common/ipsec_util_local.h')
| -rw-r--r-- | usr.sbin/npppd/common/ipsec_util_local.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/usr.sbin/npppd/common/ipsec_util_local.h b/usr.sbin/npppd/common/ipsec_util_local.h index ac7694855c1..8cbb683d771 100644 --- a/usr.sbin/npppd/common/ipsec_util_local.h +++ b/usr.sbin/npppd/common/ipsec_util_local.h @@ -56,4 +56,10 @@ static int sockaddr_is_valid (struct sockaddr *); #define countof(x) (sizeof((x)) / sizeof((x)[0])) #endif +#ifdef USE_IPSEC_UTIL_PRIVSEP +#include <stdio.h> +#include "privsep.h" +#define socket priv_socket +#endif + struct timeval const KEYSOCK_RCVTIMEO = { .tv_sec = 0, .tv_usec = 500000L }; |