diff options
| -rw-r--r-- | usr.sbin/hotplugd/hotplugd.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/usr.sbin/hotplugd/hotplugd.c b/usr.sbin/hotplugd/hotplugd.c index 1b067b6ea33..f532f24d51a 100644 --- a/usr.sbin/hotplugd/hotplugd.c +++ b/usr.sbin/hotplugd/hotplugd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hotplugd.c,v 1.14 2016/07/31 20:13:12 natano Exp $ */ +/* $OpenBSD: hotplugd.c,v 1.15 2019/04/30 17:05:15 mestre Exp $ */ /* * Copyright (c) 2004 Alexander Yurchenko <grange@openbsd.org> * @@ -61,9 +61,6 @@ main(int argc, char *argv[]) struct sigaction sact; struct hotplug_event he; - if (pledge("stdio rpath proc exec", NULL) == -1) - err(1, "pledge"); - while ((ch = getopt(argc, argv, "d:")) != -1) switch (ch) { case 'd': @@ -79,6 +76,15 @@ main(int argc, char *argv[]) argv += optind; if (argc > 0) usage(); + + if (unveil(device, "r") == -1) + err(1, "unveil"); + if (unveil(_PATH_ETC_HOTPLUG_ATTACH, "rx") == -1) + err(1, "unveil"); + if (unveil(_PATH_ETC_HOTPLUG_DETACH, "rx") == -1) + err(1, "unveil"); + if (pledge("stdio rpath proc exec", NULL) == -1) + err(1, "pledge"); if ((devfd = open(device, O_RDONLY | O_CLOEXEC)) == -1) err(1, "%s", device); |