From a86da25fabc6cee69632a5e98f64135c30a21238 Mon Sep 17 00:00:00 2001
From: Nicholas Marriott <nicm@cvs.openbsd.org>
Date: Sun, 25 Oct 2015 00:02:01 +0000
Subject: Allow getsockopt(IP_OPTIONS) (with inet), needed by portmap (for
 RPC).

ok deraadt
---
 sys/kern/kern_pledge.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'sys/kern')

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 4840300478b..f5211a06ba6 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.68 2015/10/23 15:53:49 deraadt Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.69 2015/10/25 00:02:00 nicm Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1193,6 +1193,10 @@ pledge_sockopt_check(struct proc *p, int level, int optname)
 		break;
 	case IPPROTO_IP:
 		switch (optname) {
+		case IP_OPTIONS:
+			if (p->p_pledge_syscall == SYS_getsockopt)
+				return (0);
+			break;
 		case IP_TOS:
 		case IP_TTL:
 		case IP_MINTTL:
-- 
cgit v1.2.3