On Sat, Sep 01, 2018 at 10:38:09PM +0200, Sebastian Benoit wrote:
> Remi Locherer([email protected]) on 2018.09.01 21:53:21 +0200:
> > Hi,
> >
> > Since slaacd is able to use pledge in the parent process I thought it may
> > be possible for ospfd too.
> >
> > It works fine until ospfd gets reloaded. At this point it uses setsockopt
> > to set the priority filter on the routing socket.
> >
> > Since I could not find a promise for this I extended wroute. Does this make
> > sense? Would another promise or something completely different be better?
>
> just route would be good enough, because route is for receiving routes,
> and the route filter just changes which routes you get.
>
> does the
>
> area ... {
> demote carp
> ....
> }
>
> feature and the
>
>
> interface if { demote carp ... }
>
> feature still work with this pledge?
No, it does not:
79534 ospfd CALL recvmsg(3,0x7f7fffff8a40,0)
79534 ospfd GIO fd 3 read 36 bytes
"8\0\0\0$\0\0\0\0\0\0\0Wx\^A\0carp\0\0\0\0\0\0\0\0\0\0\0\0\^A\0\0\0"
79534 ospfd STRU struct msghdr { name=0x0, namelen=0, iov=0x7f7fffff8a30,
iovlen=1, control=0x7f7fffff8a70, controllen=0, flags=0x80<MSG_DONTWAIT> }
79534 ospfd STRU struct iovec { base=0xcc3203c5034, len=65499 }
79534 ospfd RET recvmsg 36/0x24
79534 ospfd CALL socket(AF_INET,0x2<SOCK_DGRAM>,0)
79534 ospfd PLDG socket, "dns", errno 1 Operation not permitted
79534 ospfd PSIG SIGABRT SIG_DFL
79534 ospfd NAMI "ospfd.core"
This is from socket(AF_INET, SOCK_DGRAM, 0) in carp_demote_get. The same
function needs ioctl(s, SIOCGIFGATTR, (caddr_t)&ifgr) afterwards.
