On Sat, Oct 23, 2021 at 06:55:02PM +0100, Ricardo Mestre wrote: > does rad(8) actually need rpath here? as far as i can see it needs to open the > config, plus its includes, but that is already done before pledge(2) by imsg > sending IMSG_RECONF_CONF. > > florian@ is this correct or am i trusting too much on my eyes?
If I correctly followed the code path, rad(8) is split in 3 processes: - 'main' - 'frontend' - 'engine' Here, you are modifing pledge(2) for 'main' process. 'main' process has a signal handler (main_sig_handler) which will call main_reload() on SIGHUP. main_reload() will open `conffile` (using fopen(3)), before sending the config read to childs. Due to fopen(3), "rpath" is required for 'main' process. So florian@ is correct :) Thanks. -- Sebastien Marie
