diff options
| author |   beck <beck@openbsd.org> | 2018-07-13 09:25:22 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2018-07-13 09:25:22 +0000 |
| commit | 8b23add8c74b86d0da67de43302cf21b97b028be (patch) | |
| tree | f1c0090b4f820a76d34793eb08027661681a4d3c /sys/kern/kern_exit.c | |
| parent | no longer interpret 0.192.168.4 in hosts(5) as 192.168.4/24 (diff) | |
| download | wireguard-openbsd-8b23add8c74b86d0da67de43302cf21b97b028be.tar.xz wireguard-openbsd-8b23add8c74b86d0da67de43302cf21b97b028be.zip | |
Unveiling unveil(2).
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveil's across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@
Diffstat (limited to 'sys/kern/kern_exit.c')
| -rw-r--r-- | sys/kern/kern_exit.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index dfd4e38078f..6bbf5fb2258 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exit.c,v 1.164 2018/02/10 10:32:51 mpi Exp $ */ +/* $OpenBSD: kern_exit.c,v 1.165 2018/07/13 09:25:23 beck Exp $ */ /* $NetBSD: kern_exit.c,v 1.39 1996/04/22 01:38:25 christos Exp $ */ /* @@ -73,6 +73,7 @@ void proc_finish_wait(struct proc *, struct proc *); void process_zap(struct process *); void proc_free(struct proc *); +void unveil_destroy(struct process *ps); /* * exit -- @@ -606,6 +607,8 @@ process_zap(struct process *pr) */ (void)chgproccnt(pr->ps_ucred->cr_ruid, -1); + unveil_destroy(pr); + /* * Release reference to text vnode */ |