Well the first step is to back the commit out.
Stuart Henderson <[email protected]> wrote:
> ---------------------
> Date: 2019/04/24 20:13:49
> Author: mestre
> Branch: HEAD
> Tag: (none)
> Log:
> restrict filesystem access to read only on main process via unveil(2)
>
> ok benno@ deraadt@
>
> Members:
> relayd.c:1.174->1.175
> ---------------------
>
> This breaks "check script". OK, or any better ideas?
>
> Index: relayd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/relayd/relayd.c,v
> retrieving revision 1.180
> diff -u -p -r1.180 relayd.c
> --- relayd.c 26 Jun 2019 12:13:47 -0000 1.180
> +++ relayd.c 30 Aug 2019 16:44:57 -0000
> @@ -223,11 +223,6 @@ main(int argc, char *argv[])
> if (ps->ps_noaction == 0)
> log_info("startup");
>
> - if (unveil("/", "r") == -1)
> - err(1, "unveil");
> - if (unveil(NULL, NULL) == -1)
> - err(1, "unveil");
> -
> event_init();
>
> signal_set(&ps->ps_evsigint, SIGINT, parent_sig_handler, ps);
>
