implement new "prot_exec" tame(2) request:

- by default, a tamed-program don't have the possibility to use PROT_EXEC for mmap(2) or mprotect(2) - for that, use the request "prot_exec" (that could be dropped later) initial idea from deraadt@ and kettenis@ "make complete sense" beck@ ok deraadt@
author: semarie <semarie@openbsd.org> 2015-09-30 11:36:07 +0000
committer: semarie <semarie@openbsd.org> 2015-09-30 11:36:07 +0000
commit: f605d382ff82e8e1cee04abdc9b84060b714c5ac (patch)
tree: 72bee5f4b7a5b0d3b6a04c4b2d584497120b69e0 /sys/kern/kern_tame.c
parent: sleep until all references to an interface have been released during detach. (diff)
download: wireguard-openbsd-f605d382ff82e8e1cee04abdc9b84060b714c5ac.tar.xz
wireguard-openbsd-f605d382ff82e8e1cee04abdc9b84060b714c5ac.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c
index c432f48d98b..5a3b17f99d1 100644
--- a/sys/kern/kern_tame.c
+++ b/sys/kern/kern_tame.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_tame.c,v 1.44 2015/09/29 14:41:27 deraadt Exp $	*/
+/*	$OpenBSD: kern_tame.c,v 1.45 2015/09/30 11:36:07 semarie Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -226,7 +226,8 @@ static const struct {
 	{ "proc",		TAME_PROC },
 	{ "cpath",		TAME_CPATH },
 	{ "abort",		TAME_ABORT },
-	{ "fattr",		TAME_FATTR }
+	{ "fattr",		TAME_FATTR },
+	{ "prot_exec",		TAME_PROTEXEC },
 };
 
 int
author	semarie <semarie@openbsd.org>	2015-09-30 11:36:07 +0000
committer	semarie <semarie@openbsd.org>	2015-09-30 11:36:07 +0000
commit	f605d382ff82e8e1cee04abdc9b84060b714c5ac (patch)
tree	72bee5f4b7a5b0d3b6a04c4b2d584497120b69e0 /sys/kern/kern_tame.c
parent	sleep until all references to an interface have been released during detach. (diff)
download	wireguard-openbsd-f605d382ff82e8e1cee04abdc9b84060b714c5ac.tar.xz wireguard-openbsd-f605d382ff82e8e1cee04abdc9b84060b714c5ac.zip