Hi,

switchd(8)'s main proc needs to open the following paths, which can be
unveiled:

/ -> read, it will open config files from anywhere in the system, and also
needs to open /etc/services
/dev -> read/write, in order to open /dev/tap* and /dev/switch*

Just before the main loop the devices were already opened so we can drop wpath
from pledge(2). We still need to keep rpath since the daemon may receive a
SIGHUP and reload the config files again, along with /etc/services.

Another option is to just remove the current pledge(2) placement and add the
one I have below; this way there's no need to unveil /dev, just / .

Comments? OK?

Index: switchd.c
===================================================================
RCS file: /cvs/src/usr.sbin/switchd/switchd.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 switchd.c
--- switchd.c 10 Sep 2018 13:21:39 -0000 1.16
+++ switchd.c 11 Jul 2019 09:08:07 -0000
@@ -191,6 +191,10 @@ main(int argc, char *argv[])
log_procinit("parent");
+ if (unveil("/", "r") == -1)
+ fatal("unveil");
+ if (unveil("/dev", "rw") == -1)
+ fatal("unveil");
/*
* pledge in the parent process:
* stdio - for malloc and basic I/O including events.
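Review bot: the two added unveil() calls in main() carry no comment, while the pledge block directly below documents each promise. Add a matching comment stating why "/" is "r" (config files from anywhere, plus /etc/services) and why "/dev" is "rw" (/dev/tap* and /dev/switch*). Both failure paths also call fatal("unveil") with the same string, so a failure does not say which path was rejected; something like fatal("unveil /dev") would make the log line unambiguous.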
@@ -221,6 +225,9 @@ main(int argc, char *argv[])
if (parent_configure(sc) == -1)
fatalx("configuration failed");
+
+ if (pledge("stdio rpath inet dns sendfd", NULL) == -1)
+ fatal("pledge");
event_dispatch();
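Review bot: the pledge("stdio rpath inet dns sendfd", NULL) added before event_dispatch() drops wpath, so the SIGHUP reload path needs checking for any reopen of a /dev/tap* or /dev/switch* device. If reload goes back through the same code as parent_configure(sc) and opens a device for writing, the daemon would be killed on a pledge violation at reload time instead of failing at startup. A short comment above the call, in the style of the existing pledge comment, saying that wpath is dropped because the devices are already open and rpath is kept for config reload would record the reasoning given in the message.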