From 4a8e8d61ba300efed7f1f952c84f7507916af19b Mon Sep 17 00:00:00 2001
From: kn
Date: Wed, 3 Mar 2021 09:32:11 +0000
Subject: [PATCH] Unveil only /etc/resolv.conf and /etc/resolv.conf.new not /etc/

Unveiling the entire directory stems from earlier development cycles and is by no means required now, only the two files are created, read from and written to.

OK deraadt florian semarie
---
 sbin/resolvd/resolvd.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sbin/resolvd/resolvd.c b/sbin/resolvd/resolvd.c
index 1e2ec871d5a..6fe56455bd9 100644
--- a/sbin/resolvd/resolvd.c
+++ b/sbin/resolvd/resolvd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: resolvd.c,v 1.9 2021/03/02 17:11:28 deraadt Exp $ */
+/* $OpenBSD: resolvd.c,v 1.10 2021/03/03 09:32:11 kn Exp $ */
 /*
  * Copyright (c) 2021 Florian Obser
  * Copyright (c) 2021 Theo de Raadt
@@ -216,8 +216,10 @@ main(int argc, char *argv[])
 	solicit_dns_proposals(routesock);
 
-	if (unveil("/etc", "rwc") == -1)
-		lerr(1, "unveil /etc");
+	if (unveil(_PATH_RESCONF, "rwc") == -1)
+		lerr(1, "unveil " _PATH_RESCONF);
+	if (unveil(_PATH_RESCONF_NEW, "rwc") == -1)
+		lerr(1, "unveil " _PATH_RESCONF_NEW);
 #ifndef SMALL
 	if (unveil(_PATH_UNWIND_SOCKET, "r") == -1)
 		lerr(1, "unveil " _PATH_UNWIND_SOCKET);
-- 
2.20.1
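Review bot: The two new unveil(2) calls in the second hunk carry no comment saying why each path needs the full `rwc` set, and the commit message only says the files are "created, read from and written to", so a reader cannot tell from the code which operation justifies `c` on each path. If, as the `.new` suffix suggests, the daemon writes _PATH_RESCONF_NEW and then replaces _PATH_RESCONF with it, a one-line comment above the first call such as `/* "c" is needed on both paths: the .new file is created, and replacing resolv.conf needs create on the target as well */` would make the permission set reviewable; confirm against the writer code before wording it. Narrowing from the "/etc" directory to the two files is the right least-privilege direction, but the hunk does not show whether any other read under /etc previously relied on the broad unveil, so that is worth a quick grep. main() starts and ends outside the hunk.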