author | Sebastian Benoit <benno@cvs.openbsd.org> | 2015-11-28 18:10:13 +0000 |
---|---|---|
committer | Sebastian Benoit <benno@cvs.openbsd.org> | 2015-11-28 18:10:13 +0000 |
commit | b8889d5b473f3f11cab98f558c556bbf4e21b702 (patch) | |
tree | 3725e87d6da865311a089b81eb4393f1e87b870c /usr.sbin | |
parent | 2445b49a1c9d9e759a5d5b5bfb9a303fd60f709b (diff) |
pledge: allow getsockopt IP_IPDEFTTL with promise inet
then relayd's host check engine can be pledged.
ok reyk@, approach suggested by deraadt@ weeks ago.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/relayd/hce.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c
index f7fc77cc144..0c520a27577 100644
--- a/usr.sbin/relayd/hce.c
+++ b/usr.sbin/relayd/hce.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hce.c,v 1.69 2015/01/22 17:42:09 reyk Exp $ */
+/* $OpenBSD: hce.c,v 1.70 2015/11/28 18:10:12 benno Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -69,6 +69,9 @@ hce_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 /* Allow maximum available sockets for TCP checks */
 socket_rlimit(-1);
+
+ if (pledge("stdio inet", NULL) == -1)
+ fatal("hce: pledge");
 }
 void |
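Review bot: The new `pledge("stdio inet", NULL)` at the end of hce_init has no comment recording why it sits after `socket_rlimit(-1)` or what the promise set assumes. That ordering looks load-bearing, since socket_rlimit presumably raises the descriptor limit and that would not be permitted once only "stdio inet" is held. I would add a comment above the call such as `/* pledge last: socket_rlimit() must run first; host checks need only stdio + inet (getsockopt IP_IPDEFTTL is allowed under inet) */`. Since a pledge violation kills the process, it is also worth confirming that every check method run by this process stays within those two promises (no file opens, DNS lookups or exec), which cannot be verified from this hunk. The start of hce_init is outside the hunk.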