On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote:
> This breaks usage of the "include" keyword. Something that all the parse.y
> daemons support.
>
Oh, of course! I guess this is similar to unveil files based on a list of command line args. > On October 26, 2018 5:26:06 PM GMT+02:00, Remi Locherer > <[email protected]> wrote: > >Hi, > > > >this restricts ospfd's parent process to only read it's config file > >(reload) > >and unlink the control socket on exit. I added unveil after the setup > >of > >the control socket is done since chmod is used in control_init. > > > >OK? > > > >Remi > > > > > >Index: ospfd.c > >=================================================================== > >RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v > >retrieving revision 1.100 > >diff -u -p -r1.100 ospfd.c > >--- ospfd.c 29 Aug 2018 08:43:17 -0000 1.100 > >+++ ospfd.c 26 Oct 2018 15:10:08 -0000 > >@@ -278,6 +278,13 @@ main(int argc, char *argv[]) > > fatalx("control socket setup failed"); > > main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd); > > > >+ if (unveil(conffile, "r") == -1) > >+ fatal("unveil"); > >+ if (unveil(ospfd_conf->csock, "c") == -1) > >+ fatal("unveil"); > >+ if (unveil(NULL, NULL) == -1) > >+ fatal("unveil"); > >+ > > if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE), > > ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1) > > fatalx("kr_init failed"); > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity.
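
Review bot: In the added block in main(), the read permission is granted only for conffile before unveil(NULL, NULL) locks the list, so on a reload any file the configuration pulls in with "include" is no longer visible to the parent and parsing will fail. The set of paths to unveil with "r" needs to cover included files as well, or the lock has to wait until that set is known. Separately, all three calls end in the same fatal("unveil"), so a failure does not say which path was refused; naming the path, for example fatal("unveil %s", conffile) and fatal("unveil %s", ospfd_conf->csock), would make the log line actionable. A short comment that "c" on the control socket is there only for the unlink on exit would also help the next reader.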
