From d5dc31a79f667c4cedbee1fd924cce6958a38693 Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Fri, 7 Oct 2022 14:59:40 +0000
Subject: Add mimmutable(2) system call which locks the permissions (PROT_*) of memory mappings so they cannot be changed by a later mmap(), mprotect(), or munmap(), which will error with EPERM instead. ok kettenis
---
 sys/kern/kern_pledge.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'sys/kern/kern_pledge.c')
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 30d6d48c050..86a7780e82d 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.295 2022/09/05 16:37:47 mbuhl Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.296 2022/10/07 14:59:39 deraadt Exp $ */

 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -150,6 +150,7 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {
 [SYS_minherit] = PLEDGE_STDIO,
 [SYS_mmap] = PLEDGE_STDIO,
 [SYS_mprotect] = PLEDGE_STDIO,
+ [SYS_mimmutable] = PLEDGE_STDIO,
 [SYS_mquery] = PLEDGE_STDIO,
 [SYS_munmap] = PLEDGE_STDIO,
 [SYS_msync] = PLEDGE_STDIO,
-- cgit v1.2.3
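Review bot: The new `[SYS_mimmutable] = PLEDGE_STDIO,` entry in the second hunk puts the call in the baseline promise without saying why that is safe, and `pledge_syscalls` is the allow-list an auditor reads to see what a minimally pledged process can still do. Going by the commit message, the call only locks the permissions of existing mappings, so a short comment on the entry would record the reasoning, e.g. `/* can only lock mapping permissions, never loosen them */`. It would also help to state whether it needs any check equivalent to the PROT_EXEC handling that mmap and mprotect presumably get elsewhere in this file; that code is not visible here, so this is a question rather than a finding. This view is limited to kern_pledge.c, so it is not possible to tell whether the stdio list in pledge(2) was updated in the same commit. The array initializer starts and ends outside the hunk.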