diff options
-rw-r--r-- | regress/bin/systrace/id/id.policy | 51 | ||||
-rw-r--r-- | regress/bin/systrace/symlink/ln.policy | 20 |
2 files changed, 37 insertions, 34 deletions
diff --git a/regress/bin/systrace/id/id.policy b/regress/bin/systrace/id/id.policy index 35502cb2af5..65e405df7c7 100644 --- a/regress/bin/systrace/id/id.policy +++ b/regress/bin/systrace/id/id.policy @@ -1,33 +1,36 @@ -# $OpenBSD: id.policy,v 1.3 2014/07/14 05:44:59 guenther Exp $ +# $OpenBSD: id.policy,v 1.4 2014/07/14 05:49:14 guenther Exp $ Policy: /usr/bin/id, Emulation: native - native-issetugid: permit - native-mprotect: permit - native-mmap: permit - native-fsread: filename eq "/var/run/ld.so.hints" then permit - native-fstat: permit - native-close: permit - native-fsread: filename match "/usr/lib/libc.so.*" then permit - native-read: permit - native-mquery: permit - native-munmap: permit - native-sigprocmask: permit + native-__kbind: permit + native-__set_tcb: permit native-__sysctl: permit - native-fsread: filename eq "/etc/malloc.conf" then permit native-break: permit - native-getuid: permit - native-ioctl: permit - native-fsread: filename eq "/etc/spwd.db" then permit - native-fsread: filename eq "/etc/pwd.db" then permit + native-close: permit + native-exit: permit native-fcntl: permit - native-pread: permit - native-geteuid: permit - native-getgid: permit native-fsread: filename eq "/etc/group" then permit + native-fsread: filename eq "/etc/malloc.conf" then permit + native-fsread: filename eq "/etc/pwd.db" then permit + native-fsread: filename eq "/etc/spwd.db" then permit + native-fsread: filename eq "/var/run/ld.so.hints" then permit + native-fsread: filename match "/usr/lib/libc.so.*" then permit + native-fstat: permit native-getegid: permit + native-getentropy: permit + native-geteuid: permit + native-getgid: permit native-getgroups: permit - native-write: permit - native-exit: permit + native-getpid: permit native-getrlimit: permit - native-getentropy: permit + native-getuid: permit + native-ioctl: permit + native-issetugid: permit native-minherit: permit - + native-mmap: permit + native-mprotect: permit + native-mquery: permit + native-munmap: permit + native-pread: permit + native-read: permit + native-sendsyslog: permit + native-sigprocmask: permit + native-write: permit diff --git a/regress/bin/systrace/symlink/ln.policy b/regress/bin/systrace/symlink/ln.policy index 1303ee077ed..58220416dfc 100644 --- a/regress/bin/systrace/symlink/ln.policy +++ b/regress/bin/systrace/symlink/ln.policy @@ -1,17 +1,17 @@ -# $OpenBSD: ln.policy,v 1.2 2014/07/14 05:44:59 guenther Exp $ +# $OpenBSD: ln.policy,v 1.3 2014/07/14 05:49:14 guenther Exp $ Policy: /bin/ln, Emulation: native native-__sysctl: permit - native-mmap: permit - native-mprotect: permit - native-fsread: permit - native-symlink: filename match "/*" then permit - native-munmap: permit + native-close: permit native-exit: permit - native-write: permit - native-issetugid: permit + native-fsread: permit native-fstat: permit - native-close: permit native-getentropy: permit + native-issetugid: permit native-minherit: permit - + native-mmap: permit + native-mprotect: permit + native-munmap: permit + native-sendsyslog: permit + native-symlink: filename match "/*" then permit + native-write: permit |