> This does the trick. It probably doesn't make sense to run multiple > copies of all of the privsep daemons though I see definite use cases > for httpd, snmpd [v4 and v6 need separate daemons], and possibly some > others, but it would be better to keep them all in-sync..
Yes, if we go this way, please let's keep them in sync. There's always some cases where you'd like to run multiple copies of a daemon -- even temporarily (and even for the non obvious ones). > Index: etc/rc.d/httpd > =================================================================== > RCS file: /cvs/src/etc/rc.d/httpd,v > retrieving revision 1.3 > diff -u -p -r1.3 httpd > --- etc/rc.d/httpd 22 Jul 2014 17:37:16 -0000 1.3 > +++ etc/rc.d/httpd 27 Jan 2016 22:22:11 -0000 > @@ -6,6 +6,4 @@ daemon="/usr/sbin/httpd" > > . /etc/rc.d/rc.subr > > -pexp="httpd: parent.*" > - \o/ this is what I expected :-) > rc_cmd $1 > Index: usr.sbin/httpd/httpd.c > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/httpd.c,v > retrieving revision 1.53 > diff -u -p -r1.53 httpd.c > --- usr.sbin/httpd/httpd.c 3 Dec 2015 11:46:25 -0000 1.53 > +++ usr.sbin/httpd/httpd.c 27 Jan 2016 22:22:11 -0000 > @@ -248,7 +248,6 @@ main(int argc, char *argv[]) > > proc_init(ps, procs, nitems(procs)); > > - setproctitle("parent"); > log_procinit("parent"); > > if (pledge("stdio rpath wpath cpath inet dns proc ioctl sendfd", > -- Antoine