Add a dummy "flock" request that will allow file locking. It is

author millert <millert@openbsd.org>

Wed, 14 Oct 2015 22:34:47 +0000 (22:34 +0000)

committer millert <millert@openbsd.org>

Wed, 14 Oct 2015 22:34:47 +0000 (22:34 +0000)
author millert <millert@openbsd.org>
Wed, 14 Oct 2015 22:34:47 +0000 (22:34 +0000)
committer millert <millert@openbsd.org>
Wed, 14 Oct 2015 22:34:47 +0000 (22:34 +0000)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c

index b37f95a..0fcd9f6 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.25 2015/10/14 14:24:03 deraadt Exp $        */
+/*     $OpenBSD: kern_pledge.c,v 1.26 2015/10/14 22:34:47 millert Exp $        */
  
  /*
   * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -224,8 +224,7 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = {
         [SYS_setsockopt] = PLEDGE_INET | PLEDGE_UNIX,
         [SYS_getsockopt] = PLEDGE_INET | PLEDGE_UNIX,
  
-       /* XXX getpw for the ypbind.lock; all other flock users have cpath */
-       [SYS_flock] = PLEDGE_GETPW | PLEDGE_CPATH,
+       [SYS_flock] = PLEDGE_RW | PLEDGE_CPATH,
  };
  
  static const struct {
@@ -254,6 +253,7 @@ static const struct {
         { "abort",              PLEDGE_ABORT },
         { "fattr",              PLEDGE_FATTR },
         { "prot_exec",          PLEDGE_PROTEXEC },
+       { "flock",              PLEDGE_RW | PLEDGE_CPATH },
  };
  
  int
author	millert <millert@openbsd.org>
	Wed, 14 Oct 2015 22:34:47 +0000 (22:34 +0000)
committer	millert <millert@openbsd.org>
	Wed, 14 Oct 2015 22:34:47 +0000 (22:34 +0000)