author | 2017-01-23 04:25:05 +0000 | |
---|---|---|
committer | 2017-01-23 04:25:05 +0000 | |
commit | b90d0acdeb38df181fb359762561863e3131b7a4 (patch) | |
tree | 0a1c9f00b6812acc167d4ac0908bee3a0d1845ed /lib | |
parent | add the mfii opcode for passthru commands (diff) | |
Split pledge "ioctl" into "tape" and "bpf", and allow SIOCGIFGROUP only
upon "inet". Adjust the 4 programs that care about this.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/sys/pledge.2 | 52 |
1 files changed, 28 insertions, 24 deletions
diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2 index a8fdb8e5c46..bd93d45aadd 100644 --- a/lib/libc/sys/pledge.2 +++ b/lib/libc/sys/pledge.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pledge.2,v 1.37 2016/10/27 10:48:25 schwarze Exp $ +.\" $OpenBSD: pledge.2,v 1.38 2017/01/23 04:25:05 deraadt Exp $ .\" .\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 27 2016 $ +.Dd $Mdocdate: January 23 2017 $ .Dt PLEDGE 2 .Os .Sh NAME @@ -76,11 +76,25 @@ Read-only, for .Pp .It Xr ioctl 2 Only the -.Dv FIONREAD +.Dv FIONREAD , +.Dv FIONBIO , +.Dv FIOCLEX , and -.Dv FIONBIO +.Dv FIONCLEX operations are allowed by default. -Use of the "tty" and "ioctl" promises receive more ioctl requests. +Various ioctl requests are allowed against specific file descriptors +based upon the requests +.Va "audio" , +.Va "bpf" , +.Va "disklabel" , +.Va "drm" , +.Va "inet" , +.Va "pf" , +.Va "route" , +.Va "tape" , +.Va "tty" , +and +.Va "vmm". .Pp .It Xr chmod 2 .It Xr fchmod 2 @@ -386,26 +400,12 @@ File descriptors referring to directories may not be passed. Allows receiving of file descriptors using .Xr recvmsg 2 . File descriptors referring to directories may not be passed. -.It Va "ioctl" -Allows a subset of -.Xr ioctl 2 -operations: -.Pp -.Dv FIOCLEX , -.Dv FIONCLEX , -.Dv FIOASYNC , -.Dv FIOGETOWN , -and -.Dv FIOSETOWN . -On a tty device -.Dv TIOCGETA will succeed otherwise fail with -.Er EPERM . -On a tty device, -.Dv TIOCGPGRP +.It Va "tape" +Allow +.Dv MTIOCGET and -.Dv TIOCGWINSZ -are allowed. -A few other operations are allowed, but not listed here. +.Dv MTIOCTOP +operations against tape drives. .It Va "tty" In addition to allowing read-write operations on .Pa /dev/tty , 
@@ -528,6 +528,10 @@ devices: .Dv AUDIO_SETPAR , .Dv AUDIO_START , .Dv AUDIO_STOP . +.It Va "bpf" +Allow +.Dv BIOCGSTATS +operation for statistics collection from a bpf device. .Pp See .Xr sio_open 3 |
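Review bot: In the hunk at -76,11 +76,25, the new sentence says ioctl requests are allowed "based upon the requests" and then lists promise names, so "requests" carries two meanings in one sentence. The text it replaces called these promises; "based upon the promises" would read unambiguously. The last list item is written `.Va "vmm".` with the period attached, while every other item separates its punctuation (`.Va "audio" ,`); suggest `.Va "vmm" .` so the list is consistent.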
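Review bot: In the hunk at -386,26 +400,12, the removed "ioctl" entry documented FIOASYNC, FIOGETOWN and FIOSETOWN plus the tty cases TIOCGETA, TIOCGPGRP and TIOCGWINSZ, but only FIOCLEX and FIONCLEX reappear in the new default list earlier in this patch. The visible lines do not say which promise, if any, now permits the others, so a reader auditing a pledged program cannot tell whether those operations became denied or moved; please state it. The page also gives no hint that "ioctl" is no longer a promise name, which matters to callers that still pass it. Style: the new "tape" entry opens with "Allow" where the neighbouring entries use "Allows".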
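Review bot: In the hunk at -528,6 +528,10, the new `.It Va "bpf"` item is inserted between the AUDIO_* list ending in `.Dv AUDIO_STOP .` and the trailing context `.Pp See .Xr sio_open 3`, so the sio_open reference now renders under "bpf" instead of the audio entry it appears to belong to. Move the "bpf" item to after the end of the audio entry's text. The wording "Allow .Dv BIOCGSTATS operation" would also read better as "Allows the BIOCGSTATS operation", matching the "Allows" form used by the existing entries.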