Permit kern.somaxconn when the unix pledge is used. Previously this was only

allowed when inet was used.

This lets Go programs use 'unix' without also including 'inet'.

from Josh Rickmar

ok / tree review from deraadt@, commit message cluestick from tb@

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 2de0d50..daa7892 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.270 2021/02/03 22:46:55 tobhe Exp $ */
+/*     $OpenBSD: kern_pledge.c,v 1.271 2021/03/25 21:27:45 abieber Exp $       */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -888,7 +888,7 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
                        return (0);
        }
 
-       if ((p->p_p->ps_pledge & PLEDGE_INET)) {
+       if ((p->p_p->ps_pledge & (PLEDGE_INET | PLEDGE_UNIX))) {
                if (miblen == 2 &&              /* kern.somaxconn */
                    mib[0] == CTL_KERN && mib[1] == KERN_SOMAXCONN)
                        return (0);