diff options
| author |   reyk <reyk@openbsd.org> | 2016-07-20 21:01:06 +0000 |
|---|---|---|
| committer | reyk <reyk@openbsd.org> | 2016-07-20 21:01:06 +0000 |
| commit | bc1461ff1f67677332b9999ed8a1de75b0dfc642 (patch) | |
| tree | 013271d7e7ea9f4d98a4cefc2833cc039f882bab /usr.sbin/switchd/switchd.c | |
| parent | Plug potential leak of device list. (diff) | |
| download | wireguard-openbsd-bc1461ff1f67677332b9999ed8a1de75b0dfc642.tar.xz wireguard-openbsd-bc1461ff1f67677332b9999ed8a1de75b0dfc642.zip | |
pledge(2) all the switchd processes.
Diffstat (limited to 'usr.sbin/switchd/switchd.c')
| -rw-r--r-- | usr.sbin/switchd/switchd.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/usr.sbin/switchd/switchd.c b/usr.sbin/switchd/switchd.c index 57e4b1abf1d..57881cad45b 100644 --- a/usr.sbin/switchd/switchd.c +++ b/usr.sbin/switchd/switchd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: switchd.c,v 1.4 2016/07/20 11:43:31 jsg Exp $ */ +/* $OpenBSD: switchd.c,v 1.5 2016/07/20 21:01:06 reyk Exp $ */ /* * Copyright (c) 2013-2016 Reyk Floeter <reyk@openbsd.org> @@ -54,7 +54,7 @@ __dead void usage(void); static struct privsep_proc procs[] = { { "ofp", PROC_OFP, NULL, ofp }, { "control", PROC_CONTROL, parent_dispatch_control, control }, - { "ofcconn", PROC_OFCCONN, NULL, ofcconn_proc_init } + { "ofcconn", PROC_OFCCONN, NULL, ofcconn } }; __dead void @@ -169,8 +169,18 @@ main(int argc, char *argv[]) ps->ps_ninstances = 1; proc_init(ps, procs, nitems(procs)); + log_procinit("parent"); - setproctitle("parent"); + /* + * pledge in the parent process: + * stdio - for malloc and basic I/O including events. + * rpath - for reload to open and read the configuration files. + * inet - for opening OpenFlow and device sockets. + * dns - for resolving host in the configuration files. + * sendfd - send sockets to child processes on reload. + */ + if (pledge("stdio rpath inet dns proc sendfd", NULL) == -1) + fatal("pledge"); event_init(); |