diff options
| author |   florian <florian@openbsd.org> | 2019-03-02 16:11:10 +0000 |
|---|---|---|
| committer | florian <florian@openbsd.org> | 2019-03-02 16:11:10 +0000 |
| commit | 5e1f1384262047d51292341d693602362ff1157a (patch) | |
| tree | e5df1e5290f8ea12bee79bd28f3b7a7c5268ad3a | |
| parent | Bump VMM_MAX_NAME_LEN to 64 to allow for longer vm names. (diff) | |
| download | wireguard-openbsd-5e1f1384262047d51292341d693602362ff1157a.tar.xz wireguard-openbsd-5e1f1384262047d51292341d693602362ff1157a.zip | |
Unfortunately we cannot use unveil in the main process since this
breaks config reload.
We cannot simply unveil the config file since it might appear after startup
and the config file syntax allows to include other files.
This is a problem with all the other parse.y based privsep'ed daemons
as well.
pledge("rpath") has to be enough for now.
| -rw-r--r-- | sbin/unwind/unwind.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c index 8445d1915da..4d02153fb70 100644 --- a/sbin/unwind/unwind.c +++ b/sbin/unwind/unwind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.c,v 1.17 2019/03/01 08:02:25 florian Exp $ */ +/* $OpenBSD: unwind.c,v 1.18 2019/03/02 16:11:10 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -304,9 +304,6 @@ main(int argc, char *argv[]) main_imsg_compose_frontend_fd(IMSG_ROUTESOCK, 0, frontend_routesock); main_imsg_send_config(main_conf); - if (unveil(LEASE_DB_DIR, "r") == -1 && errno != ENOENT) - err(1, "unveil"); - if (pledge("stdio inet dns rpath sendfd", NULL) == -1) fatal("pledge"); |