On Sat, Mar 11, 2017 at 05:44:51PM +0900, Stefan Sperling wrote: > pledge() currently forbids IP_HDRINCL in setsockopt(). > > If I allow it in "inet", I can pledge /usr/ports/net/mtr (a traceroute tool) > to "stdio rpath inet dns tty". >
IP_HDRINCL is used in net/mtr to avoid defining multiples sockets (one per protocol) and to control TOS and TTL fields in the IP header. As alternative code is present in net.c (in case IP_HDRINCL isn't defined), isn't possible to use it instead of extending "inet" promise ? Thanks. -- Sebastien Marie
