| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
proc_init(). As a consequence vmd(8) child processes did not detach
from the terminal anymore. Dup /dev/null to the stdio file descriptors
in the children.
OK mlarkin@ reyk@
|
| |
|
|
|
|
|
| |
sockets cause no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.
OK florian@
|
| |
|
|
| |
From Carlos Cardenas, who discussed this with reyk@ also. Thanks!
|
| |
|
|
| |
From Carlos Cardenas, many thanks!
|
| | |
|
| |
|
|
| |
steal code.
|
| |
|
|
|
|
|
|
| |
This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
|
| |
|
|
|
|
| |
basically imports the imsg_flush() fix from reyk@ in httpd(8).
ok reyk@
|
| |
|
|
|
|
|
|
|
| |
New changes:
* Fix msgbuf_write() usage idiom;
* Add context (function name) that fatal()ed;
* Use less fds on startup;
ok mlarkin@, reyk@
|
| |
|
|
|
|
| |
and remove the CLOEXEC with fcntl() if necessary.
ok reyk@
|
| |
|
|
|
| |
From deraadt@
OK rzalamena@
|
| |
|
|
|
|
|
|
|
|
|
| |
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.
With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.
OK mlarkin@
|
| |
|
|
| |
No objections from mlarkin@ sunil@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
initially left it out because I didn't have a need for it. But it is
actually quite useful to carry a reference to the imsg data context
across processes.
|
|
|
process into multiple parts and adopting the "proc.c"-style from other
daemons. This allows to further reduce the privileges, to give better
pledge(2), and to add some upcoming changes.
"please do" mlarkin@, deraadt@
|
bluhm
mestre
mlarkin
benno
krw
reyk
rzalamena
claudio