diff options
| author |   mestre <mestre@openbsd.org> | 2017-06-12 23:37:44 +0000 |
|---|---|---|
| committer | mestre <mestre@openbsd.org> | 2017-06-12 23:37:44 +0000 |
| commit | 2c62a746e9c059a085a056587c1e12301b2f378f (patch) | |
| tree | a15b326118ee0aa7b2ed92c44bac3443afc77e16 | |
| parent | have the timeout call if qstart via the serialiser isntead of directly (diff) | |
| download | wireguard-openbsd-2c62a746e9c059a085a056587c1e12301b2f378f.tar.xz wireguard-openbsd-2c62a746e9c059a085a056587c1e12301b2f378f.zip | |
pledge(2) bpf has been in use for some time now on tcpdump(8), this will enable
it also for pflogd(8)'s priv proc.
OK deraadt@
| -rw-r--r-- | sbin/pflogd/privsep.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/sbin/pflogd/privsep.c b/sbin/pflogd/privsep.c index 9bef398a5e9..6b81bc6339a 100644 --- a/sbin/pflogd/privsep.c +++ b/sbin/pflogd/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.24 2017/01/23 04:25:05 deraadt Exp $ */ +/* $OpenBSD: privsep.c,v 1.25 2017/06/12 23:37:44 mestre Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -118,12 +118,9 @@ priv_init(void) setproctitle("[priv]"); close(socks[1]); - -#if notyet - /* This needs to do bpf ioctl */ if (pledge("stdio rpath wpath cpath sendfd proc bpf", NULL) == -1) err(1, "pledge"); -#endif + while (!gotsig_chld) { if (may_read(socks[0], &cmd, sizeof(int))) break; |