Index: usr_sbin_lpd
===================================================================
RCS file: /home/cvs/src/etc/systrace/usr_sbin_lpd,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 usr_sbin_lpd
--- usr_sbin_lpd 13 Sep 2015 17:08:04 -0000 1.9
+++ usr_sbin_lpd 28 Mar 2016 14:11:40 -0000
@@ -12,7 +12,9 @@ Policy: /usr/sbin/lpd, Emulation: native
native-chdir: permit
native-chmod: filename eq "/var/run/printer" then permit
native-chown: filename eq "/var/run/printer" then permit
+ native-clock_gettime: permit
native-close: permit
+ native-connect: sockaddr eq "/var/run/printer" then permit
native-connect: sockaddr match "inet-*:53" then permit
native-connect: sockaddr sub ":515" then permit
native-dup2: permit
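Review bot: The new `native-connect: sockaddr eq "/var/run/printer" then permit` rule has no stated trigger; the message says only that the calls are missing. Please note in the commit message which lpd operation connects to its own /var/run/printer socket and which one calls clock_gettime, so the additions can be checked against expected behaviour. The `eq` match on the full socket path is appropriately narrow and should stay that way rather than being loosened to `match` or `sub` like the ":515" rule below it.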
@@ -30,6 +32,7 @@ Policy: /usr/sbin/lpd, Emulation: native
native-fsread: filename eq "/etc/spwd.db" then deny[eperm]
native-fsread: filename eq "/usr/libexec/ld.so" then permit
native-fsread: filename eq "/var/run/ld.so.hints" then permit
+ native-fsread: filename eq "/var/run/ypbind.lock" then permit
native-fsread: filename eq "<non-existent filename>" then deny[enoent]
native-fsread: filename match "/usr/lib" then permit
native-fsread: filename match "/usr/share/nls" then permit
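Review bot: The added `native-fsread: filename eq "/var/run/ypbind.lock" then permit` is the only YP-related rule in the visible hunks, and the message does not say what configuration the policy was tested on. If this open was observed on a YP-enabled host, please confirm that the lookups following it complete under the policy without further rules, and record the test setup in the commit message. The exact-path `eq` form is fine and keeps the rule from widening read access under /var/run.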
Probably going to be obsolete once lpd gets pledged, but as it stands,
the lpd systrace policy is missing these system calls.
