> In many bpf-using programs, bpf is set up before privs are dropped,
> then locked, and then no significant ioctl's are done after that.
> 
> So please show the userland diffs that use this.

You're right.  I was thinking of arp(8) but that code path is write only.
I wrote it for the GSoC dhcpd which keeps a routing socket for interfaces
arriving/departing (plugging USB NICs or adding vlan(4)s into your router
really shouldn't make the dhcpd process die; even deleting interfaces will
keep the rest of the system serving happily).

It probably doesn't have to be there; the privileged part of the code fits
on a screen anyway and only does the bare minimum.

The uint64_t part still stands.


Index: kern/kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.174
diff -u -p -r1.174 kern_pledge.c
--- kern/kern_pledge.c  3 Jul 2016 04:36:08 -0000       1.174
+++ kern/kern_pledge.c  5 Jul 2016 17:35:04 -0000
@@ -79,7 +79,7 @@
 #include "drm.h"
 #endif
 
-int pledgereq_flags(const char *req);
+uint64_t pledgereq_flags(const char *req);
 int canonpath(const char *input, char *buf, size_t bufsize);
 int substrcmp(const char *p1, size_t s1, const char *p2, size_t s2);
 int resolvpath(struct proc *p, char **rdir, size_t *rdirlen, char **cwd,
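Review bot: The changed prototype at the top of this hunk has no stated rationale, and "The uint64_t part still stands" in the message does not give one either. Please say in the commit message that an int return would truncate any flag value wider than int, if that is the reason, so the type change is not later read as cosmetic. The other prototypes in this block are unaffected.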
@@ -404,7 +405,7 @@ sys_pledge(struct proc *p, void *v, regi
        if (SCARG(uap, request)) {
                size_t rbuflen;
                char *rbuf, *rp, *pn;
-               int f;
+               uint64_t f;
 
                rbuf = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
                error = copyinstr(SCARG(uap, request), rbuf, MAXPATHLEN,
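Review bot: The new "uint64_t f;" declaration only helps if whatever f is accumulated into later in sys_pledge is also 64-bit, and that variable is not visible in this hunk. Please confirm its type, or include the line in the diff context; if it is still an int, the truncation just moves from the return of pledgereq_flags() to the assignment that consumes f.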
@@ -1514,7 +1534,7 @@ pledge_swapctl(struct proc *p)
 }
 
 /* bsearch over pledgereq. return flags value if found, 0 else */
-int
+uint64_t
 pledgereq_flags(const char *req_name)
 {
        int base = 0, cmp, i, lim;
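Review bot: The header "@@ -1514,7 +1534,7 @@" says 20 lines were added earlier in the file, and the previous hunk's "-404,7 +405,7" says one, but none of those additions are in this diff. It looks trimmed by hand from the larger bpf change; please regenerate it against r1.174 so the posted diff is exactly what would be committed. The comment above the function is still accurate for the new return type.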
