diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-17 23:50:04 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-17 23:50:04 +0000 |
| commit | aeda2bc1482c038af48f66f417a485587f2cafc1 (patch) | |
| tree | 49c165c8cc4449ca59019b16d7beeff52f41cbf2 | |
| parent | connect() to an AF_UNIX socket is really read/write, so tell pledge this (diff) | |
| download | wireguard-openbsd-aeda2bc1482c038af48f66f417a485587f2cafc1.tar.xz wireguard-openbsd-aeda2bc1482c038af48f66f417a485587f2cafc1.zip | |
naddy asks me if __tfork should be allowed by "proc". yes!
We may need a better semantic later ("thread"?), but this allows
progress, and people can report their experiences.
| -rw-r--r-- | sys/kern/kern_pledge.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index c4f47f88fb9..a3f8a09b14e 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.47 2015/10/17 23:12:46 deraadt Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.48 2015/10/17 23:50:04 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -89,6 +89,7 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = { [SYS_fchdir] = PLEDGE_SELF, /* careful of directory fd inside jails */ /* needed by threaded programs */ + [SYS___tfork] = PLEDGE_PROC, [SYS_sched_yield] = PLEDGE_SELF, [SYS___thrsleep] = PLEDGE_SELF, [SYS___thrwakeup] = PLEDGE_SELF, |