CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/10/23 10:39:13
Modified files:
usr.sbin/ntpd : ntpd.c
Log message:
Rather than re-opening the driftfile to write, keep it open; rewinding
and coping with error conditions... that lets us avoid a pledge "wpath".
Putting it all together, this lets the master ntpd pledge "stdio rpath
inet settime proc id". It works like this: "rpath" to load the
certificates, "proc" to create constraint processes, "id" to chroot
and lock the constraint processes into a jail, then "inet" to open a
https session. "settime" is used by the master to manage the system
time when the ntp-speaking engine instructs the master.
with help from naddy
