This breaks usage of the "include" keyword. Something that all the parse.y daemons support.
On October 26, 2018 5:26:06 PM GMT+02:00, Remi Locherer <[email protected]> wrote: >Hi, > >this restricts ospfd's parent process to only read its config file >(reload) >and unlink the control socket on exit. I added unveil after the setup >of >the control socket is done since chmod is used in control_init. > >OK? > >Remi > > >Index: ospfd.c >=================================================================== >RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v >retrieving revision 1.100 >diff -u -p -r1.100 ospfd.c >--- ospfd.c 29 Aug 2018 08:43:17 -0000 1.100 >+++ ospfd.c 26 Oct 2018 15:10:08 -0000 >@@ -278,6 +278,13 @@ main(int argc, char *argv[]) > fatalx("control socket setup failed"); > main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd); > >+ if (unveil(conffile, "r") == -1) >+ fatal("unveil"); >+ if (unveil(ospfd_conf->csock, "c") == -1) >+ fatal("unveil"); >+ if (unveil(NULL, NULL) == -1) >+ fatal("unveil"); >+ > if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE), > ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1) > fatalx("kr_init failed"); -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
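
Review bot: the unveil(conffile, "r") call followed by the locking unveil(NULL, NULL) leaves the parent able to read exactly one path, so a reload of a configuration that pulls in other files through "include" can no longer open them, which is the breakage the reply above reports. Since the set of included files is only known after parsing and can change between reloads, unveiling the single file is too narrow; one option is to unveil, read-only, the directory that holds the configuration instead of conffile, and to document that includes outside it stop working after startup. Separately, all three added calls fail with the same fatal("unveil") message, so the log does not show which path was rejected; including the path in the message for the conffile and ospfd_conf->csock calls would make a failure diagnosable.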
