-rw-r--r-- | usr.sbin/nsd/nsd.c | 5 | ||||
-rw-r--r-- | usr.sbin/nsd/server.c | 6 |
2 files changed, 11 insertions, 0 deletions
diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c
index 2420a6512e1..d2084b77ae2 100644
--- a/usr.sbin/nsd/nsd.c
+++ b/usr.sbin/nsd/nsd.c
@@ -1111,6 +1111,11 @@ main(int argc, char *argv[])
 nsd.username));
 }
 #endif /* HAVE_GETPWNAM */
+
+ if (pledge("stdio rpath wpath cpath dns inet proc", NULL) == -1)
+ error("pledge");
+
+
 xfrd_make_tempdir(&nsd);
 #ifdef USE_ZONE_STATS
 options_zonestatnames_create(nsd.options);
diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c
index 9ac2687885d..13093165098 100644
--- a/usr.sbin/nsd/server.c
+++ b/usr.sbin/nsd/server.c
@@ -301,6 +301,12 @@ restart_child_servers(struct nsd *nsd, region_type* region, netio_type* netio,
 /* the child need not be able to access the
 * nsd.db file */
 namedb_close_udb(nsd->db);
+
+ if (pledge("stdio rpath inet", NULL) == -1) {
+ log_msg(LOG_ERR, "pledge");
+ exit(1);
+ }
+
 nsd->pid = 0;
 nsd->child_count = 0;
 nsd->server_kind = nsd->children[i].kind; |
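Review bot: The failure path `error("pledge");` in main() reports no cause, because the message carries no errno text and an operator cannot tell a rejected promise string from a refused call. If error() does not append the errno string itself (its definition is not in this hunk), `error("pledge: %s", strerror(errno));` would cover it; the same applies to `log_msg(LOG_ERR, "pledge");` in the server.c hunk. A short comment above the call recording which later step needs `wpath`, `cpath` and `proc` would also make the promise list auditable when someone tries to narrow it. main() starts and ends outside the hunk.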
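Review bot: The child keeps `rpath` directly after the existing comment says it need not access nsd.db, and nothing in the hunk records what the child still reads from the filesystem. A one-line comment above the call, such as `/* rpath: <files the child still opens>; inet: <sockets it uses> */` filled in by the author, would let a later reader judge whether the set can shrink further. restart_child_servers() begins and continues outside the hunk, so the code that runs under these promises is not visible here.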