From 5929c5d03da275ae0da509ebdc9fd41f0e047078 Mon Sep 17 00:00:00 2001
From: millert <millert@openbsd.org>
Date: Wed, 14 Oct 2015 22:34:47 +0000
Subject: [PATCH] Add a dummy "flock" request that will allow file locking.  It
 is not currently enforced but we want the kernel to be able to parse it for
 an upcoming diff in the next few days.

---
 sys/kern/kern_pledge.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index b37f95ab73c..0fcd9f6e019 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.25 2015/10/14 14:24:03 deraadt Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.26 2015/10/14 22:34:47 millert Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -224,8 +224,7 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = {
 	[SYS_setsockopt] = PLEDGE_INET | PLEDGE_UNIX,
 	[SYS_getsockopt] = PLEDGE_INET | PLEDGE_UNIX,
 
-	/* XXX getpw for the ypbind.lock; all other flock users have cpath */
-	[SYS_flock] = PLEDGE_GETPW | PLEDGE_CPATH,
+	[SYS_flock] = PLEDGE_RW | PLEDGE_CPATH,
 };
 
 static const struct {
@@ -254,6 +253,7 @@ static const struct {
 	{ "abort",		PLEDGE_ABORT },
 	{ "fattr",		PLEDGE_FATTR },
 	{ "prot_exec",		PLEDGE_PROTEXEC },
+	{ "flock",		PLEDGE_RW | PLEDGE_CPATH },
 };
 
 int
-- 
2.20.1