On a SMALL_KERNEL, pledge "pf" has to be a no-op. We cannot match

the device node (since it does not exist...)
author: deraadt <deraadt@openbsd.org> 2015-11-29 03:23:19 +0000
committer: deraadt <deraadt@openbsd.org> 2015-11-29 03:23:19 +0000
commit: e64009201a5c5876bb7e2ec4d2d1597f6038c8fc (patch)
tree: 6ef85f275845e3e052848a6fa5e12894bf6a0737 /sys/kern/kern_pledge.c
parent: skeyinit needs pledge proc and exec to use BSD auth. (diff)
download: wireguard-openbsd-e64009201a5c5876bb7e2ec4d2d1597f6038c8fc.tar.xz
wireguard-openbsd-e64009201a5c5876bb7e2ec4d2d1597f6038c8fc.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 175378becb2..d05ba6b18fb 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.127 2015/11/29 01:15:49 benno Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.128 2015/11/29 03:23:19 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1201,6 +1201,7 @@ pledge_ioctl(struct proc *p, long com, struct file *fp)
 	}
 
 	if ((p->p_p->ps_pledge & PLEDGE_PF)) {
+#ifndef SMALL_KERNEL
 		switch (com) {
 		case DIOCADDRULE:
 		case DIOCGETSTATUS:
@@ -1219,6 +1220,7 @@ pledge_ioctl(struct proc *p, long com, struct file *fp)
 				return (0);
 			break;
 		}
+#endif /* !SMALL_KERNEL */
 	}
 
 	if ((p->p_p->ps_pledge & PLEDGE_TTY)) {
author	deraadt <deraadt@openbsd.org>	2015-11-29 03:23:19 +0000
committer	deraadt <deraadt@openbsd.org>	2015-11-29 03:23:19 +0000
commit	e64009201a5c5876bb7e2ec4d2d1597f6038c8fc (patch)
tree	6ef85f275845e3e052848a6fa5e12894bf6a0737 /sys/kern/kern_pledge.c
parent	skeyinit needs pledge proc and exec to use BSD auth. (diff)
download	wireguard-openbsd-e64009201a5c5876bb7e2ec4d2d1597f6038c8fc.tar.xz wireguard-openbsd-e64009201a5c5876bb7e2ec4d2d1597f6038c8fc.zip