diff options
| author |   provos <provos@openbsd.org> | 2002-07-18 21:32:02 +0000 |
|---|---|---|
| committer | provos <provos@openbsd.org> | 2002-07-18 21:32:02 +0000 |
| commit | 7bd034fa1ea110ffe6c05ca614876dc93b30b024 (patch) | |
| tree | ad62e00bba9501542b62158932a9dd9ab5dd2c4e | |
| parent | use inet_aton(), until this is made v6 aware (diff) | |
| download | wireguard-openbsd-7bd034fa1ea110ffe6c05ca614876dc93b30b024.tar.xz wireguard-openbsd-7bd034fa1ea110ffe6c05ca614876dc93b30b024.zip | |
update policy
| -rw-r--r-- | etc/systrace/usr_sbin_lpd | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/etc/systrace/usr_sbin_lpd b/etc/systrace/usr_sbin_lpd index acd6525d485..9811878afa9 100644 --- a/etc/systrace/usr_sbin_lpd +++ b/etc/systrace/usr_sbin_lpd @@ -4,6 +4,7 @@ Policy: /usr/sbin/lpd, Emulation: native native-__sysctl: permit native-accept: permit native-bind: sockaddr eq "/var/run/printer" then permit + native-bind: sockaddr eq "inet-[0.0.0.0]:0" then permit native-bind: sockaddr match "inet-*:515" then permit native-break: permit native-chdir: permit @@ -12,12 +13,14 @@ Policy: /usr/sbin/lpd, Emulation: native native-close: permit native-connect: sockaddr eq "/dev/log" then permit native-connect: sockaddr match "inet-*:53" then permit + native-connect: sockaddr sub ":515" then permit native-dup2: permit native-exit: permit native-fchmod: permit native-fcntl: permit native-fork: permit native-fsread: filename eq "/dev/arandom" then permit + native-fsread: filename eq "/etc/hosts" then permit native-fsread: filename eq "/etc/malloc.conf" then permit native-fsread: filename eq "/etc/printcap" then permit native-fsread: filename eq "/etc/printcap.db" then permit @@ -44,6 +47,8 @@ Policy: /usr/sbin/lpd, Emulation: native native-getegid: permit native-geteuid: permit native-getpid: permit + native-getsockname: permit + native-getsockopt: permit native-gettimeofday: permit native-issetugid: permit native-kill: permit @@ -52,17 +57,19 @@ Policy: /usr/sbin/lpd, Emulation: native native-mmap: permit native-mprotect: permit native-munmap: permit + native-nanosleep: permit native-pread: permit native-read: permit native-recvfrom: permit native-select: permit native-sendto: permit native-setegid: gid eq "1" then permit - native-setegid: permit native-seteuid: uid eq "0" then permit native-seteuid: uid eq "1" then permit + native-setitimer: permit native-setpgid: permit native-setsid: permit + native-setsockopt: permit native-sigaction: permit native-sigprocmask: permit native-sigreturn: permit @@ -70,3 +77,4 @@ Policy: /usr/sbin/lpd, Emulation: native native-umask: permit native-wait4: permit native-write: permit + |