prodded by deraadt@, here's a rebased diff relative to xenocara's source root directory,
usually /usr/xenocara.
Index: app/xenodm/xenodm/dm.c
===================================================================
RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 dm.c
--- app/xenodm/xenodm/dm.c 11 Jul 2018 16:57:04 -0000 1.6
+++ app/xenodm/xenodm/dm.c 3 Nov 2018 11:10:06 -0000
@@ -604,6 +604,10 @@ StartDisplay (struct display *d)
Debug ("pid: %d\n", pid);
d->pid = pid;
d->status = running;
+
+ if (pledge("stdio rpath cpath proc", NULL) == -1)
+ exit(OPENFAILED_DISPLAY);
+
break;
}
}
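Review bot: The pledge(2) call sits on the parent side of the fork (right after `d->status = running;`), and pledge promises are inherited by children forked afterwards; if StartDisplay is entered again later, e.g. for a restarted display, the child forked at that point begins life restricted to `stdio rpath cpath proc`, which lacks `exec`, so it would be killed the moment it tried to execve the X server or anything else. Worth confirming that no process forked after this point needs exec, or that the parent is pledged once at a single well-defined place rather than on every StartDisplay. Separately, a failing pledge exits with no diagnostic, so a mistyped promise string (EINVAL) would appear only as a silent exit; logging before the exit, e.g. `Debug ("pledge: %s\n", strerror(errno));` ahead of `exit(OPENFAILED_DISPLAY);` (assuming errno.h and string.h are already included), makes the failure diagnosable. The enclosing switch and the body of StartDisplay begin outside the hunk.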
Index: app/xenodm/xenodm/session.c
===================================================================
RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 session.c
--- app/xenodm/xenodm/session.c 11 Jul 2018 20:28:41 -0000 1.12
+++ app/xenodm/xenodm/session.c 3 Nov 2018 11:10:06 -0000
@@ -378,6 +378,10 @@ StartClient (
default:
Debug ("StartSession, fork succeeded %d\n", pid);
*pidp = pid;
+
+ if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) ==
-1)
+ exit(25);
+
return 1;
}
}
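Review bot: `exit(25)` uses a bare literal where the companion dm.c hunk uses the named status `OPENFAILED_DISPLAY`; a magic exit code here is opaque to a reader, so use that constant or another named one from the same header. As in dm.c, the pledge failure is exited without any diagnostic; `Debug ("pledge: %s\n", strerror(errno));` before the exit would at least surface an EINVAL from a mistyped promise string (assuming errno.h and string.h are in scope in session.c). The promise line also appears to have been wrapped by the mailer (`== ` and `-1)` on separate lines), so check that the patch applies as a single `if` line. StartClient's switch and body begin outside the hunk.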