Hi,

After all files are opened ripd(8) can have the fs access disabled just before
each process's main loop. Its two children already run under chroot, but since
they are still not pledged, at least they have no way to read/write/create files
within the chroot. No loads or reloads of the config file happen through any
signal, nor can we do it via ripctl(8).

I was able to run a simple daemon with the example file. Comments? OK?

Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/rde.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 rde.c
--- rde.c       3 Sep 2016 10:28:08 -0000       1.21
+++ rde.c       30 Oct 2018 15:09:44 -0000
@@ -151,6 +151,11 @@ rde(struct ripd_conf *xconf, int pipe_pa
                free(r);
        }
 
+       if (unveil("/", "") == -1)
+               fatal("unveil");
+       if (unveil(NULL, NULL) == -1)
+               fatal("unveil");
+
        event_dispatch();
 
        rde_shutdown();
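Review bot: the four lines inserted before event_dispatch() carry no comment explaining why "/" is unveiled with empty permissions, so a reader skimming this hunk may think a path is being exposed rather than hidden; a one-line comment such as `/* remove all filesystem visibility, then lock the unveil set */` above the first call would document the idiom. The placement looks right: rde_shutdown() only runs after the loop, and nothing visible here touches the filesystem after the lock. fatal() rather than fatalx() is the correct choice since unveil(2) sets errno.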
Index: ripd.c
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/ripd.c,v
retrieving revision 1.30
diff -u -p -u -r1.30 ripd.c
--- ripd.c      3 Sep 2016 10:28:08 -0000       1.30
+++ ripd.c      30 Oct 2018 15:09:44 -0000
@@ -251,6 +251,11 @@ main(int argc, char *argv[])
            conf->rdomain) == -1)
                fatalx("kr_init failed");
 
+       if (unveil("/", "") == -1)
+               fatal("unveil");
+       if (unveil(NULL, NULL) == -1)
+               fatal("unveil");
+
        event_dispatch();
 
        ripd_shutdown();
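Review bot: ripd_shutdown() runs after the unveil lock, so if it removes the control socket or touches any other path on the way out, that call will now fail; either unveil the socket path with "c" before the lock or confirm that shutdown does no filesystem work in the parent. Note also that this is the unchrooted parent, so unveil("/", "") hides the entire real filesystem, which is stronger than what the children get from chroot alone; the statement in the mail that no config reload path exists (signal or ripctl(8)) is load-bearing for this hunk and is worth stating in the commit message.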
Index: ripe.c
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/ripe.c,v
retrieving revision 1.22
diff -u -p -u -r1.22 ripe.c
--- ripe.c      3 Sep 2016 10:28:08 -0000       1.22
+++ ripe.c      30 Oct 2018 15:09:44 -0000
@@ -201,6 +201,11 @@ ripe(struct ripd_conf *xconf, int pipe_p
 
        ripe_imsg_compose_rde(IMSG_FULL_REQUEST, 0, 0, NULL, 0);
 
+       if (unveil("/", "") == -1)
+               fatal("unveil");
+       if (unveil(NULL, NULL) == -1)
+               fatal("unveil");
+
        event_dispatch();
 
        ripe_shutdown();
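Review bot: this is the third identical copy of the unveil("/", "") / unveil(NULL, NULL) pair, and both calls use the same error string, so a log line reading "unveil: ..." cannot tell which of the two failed. Suggest distinct messages, e.g. `fatal("unveil /")` for the first call and `fatal("unveil")` for the lock, applied consistently in all three files. Ordering after ripe_imsg_compose_rde() is fine, since imsg traffic goes over the already-open pipe rather than the filesystem.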
