From 915a6fa87f58b41dd37b60efa5b66fe71defca79 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Fri, 8 Jan 2016 11:28:06 +0000
Subject: Keep the pledge of the vmm and vm processes disabled for now as long as there is some more expected progress in the kernel interface. It can be tested, and should work, with the previous kernel commit of the "vmm" pledge, but is not called.
---
 usr.sbin/vmd/vmm.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'usr.sbin')
diff --git a/usr.sbin/vmd/vmm.c b/usr.sbin/vmd/vmm.c
index 587ad33d758..b96344f47e2 100644
--- a/usr.sbin/vmd/vmm.c
+++ b/usr.sbin/vmd/vmm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm.c,v 1.17 2016/01/08 08:12:21 stefan Exp $ */
+/* $OpenBSD: vmm.c,v 1.18 2016/01/08 11:28:05 reyk Exp $ */
 /*
 * Copyright (c) 2015 Mike Larkin
@@ -193,9 +193,12 @@ vmm_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 /*
 * pledge in the vmm process:
 * stdio - for malloc and basic I/O including events.
- * XXX vmm - for the vmm ioctls and operations
+ * vmm - for the vmm ioctls and operations.
+ * proc - for forking and maitaining vms.
+ * recvfd - for disks, interfaces and other fds.
 */
- if (pledge("stdio vmm", NULL) == -1)
+ /* XXX'ed pledge to hide it from grep as long as it's disabled */
+ if (XXX("stdio vmm recvfd proc", NULL) == -1)
 fatal("pledge");
 #endif
@@ -480,6 +483,16 @@ start_vm(struct imsg *imsg, uint32_t *id)
 fatal("create vmm ioctl failed - exiting");
 }
+#if 0
+ /*
+ * pledge in the vm processes:
+ * stdio - for malloc and basic I/O including events.
+ * vmm - for the vmm ioctls and operations.
+ */
+ if (XXX("stdio vmm", NULL) == -1)
+ fatal("pledge");
+#endif
+
 /*
 * Set up default "flat 32 bit" register state - RIP,
 * RSP, and GDT info will be set in bootloader
-- 
cgit v1.2.3
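Review bot: The disabled call in vmm_run says only that it is hidden from grep, not what has to happen before it is turned back on, so the vmm process keeps running without any pledge while it receives descriptors and forks vms, with nothing in the file to track that. Judging by the trailing `#endif` the block is compiled out; its opening guard is outside the hunk. I would extend the new comment to name the condition, for example `/* XXX'ed pledge: rename back to pledge() and drop the #if 0 once the kernel "vmm" promise is final */`. The promise comment also has a typo and lists proc and recvfd in the opposite order from the string `"stdio vmm recvfd proc"`; `* proc - for forking and maintaining vms.` with matching order would let an audit compare the two line by line.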
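Review bot: The `#if 0` block added to start_vm calls `XXX(...)` without the explanation given in vmm_run, so someone reading this function alone cannot tell that it stands for pledge(); repeat the comment here, e.g. `/* XXX'ed pledge to hide it from grep as long as it's disabled */`. The promise set `"stdio vmm"` omits recvfd and proc, which presumably relies on every disk and interface descriptor already being in place when this point is reached. That ordering is not visible in the hunk and should be confirmed and stated in the comment before the call is enabled. start_vm's body starts and ends outside the hunk.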