I agree.

Jonathan Matthew <[email protected]> wrote:
> ldapd currently can't reopen its database files, because it always passes > O_CREAT to open() when reopening (see ldapd_open_request()), which means it > needs the unveil 'c' flag. This may have been missed when ldapd was unveiled > because 'ldapctl compact' was broken (see other diff). > > ok? > > > Index: ldapd.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ldapd/ldapd.c,v > retrieving revision 1.29 > diff -u -p -r1.29 ldapd.c > --- ldapd.c 14 Jul 2021 13:33:57 -0000 1.29 > +++ ldapd.c 15 Dec 2021 03:42:04 -0000 > @@ -243,7 +243,7 @@ main(int argc, char *argv[]) > err(1, "unveil %s.db", _PATH_LOGIN_CONF); > if (unveil(_PATH_AUTHPROGDIR, "x") == -1) > err(1, "unveil %s", _PATH_AUTHPROGDIR); > - if (unveil(datadir, "rw") == -1) > + if (unveil(datadir, "rwc") == -1) > err(1, "unveil %s", datadir); > if (unveil(NULL, NULL) == -1) > err(1, "unveil"); >
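
Review bot: on the changed unveil(datadir, "rwc") line, nothing at the call site records why 'c' is required; per the message above, it is only needed because ldapd_open_request() always passes O_CREAT when reopening. A one-line comment naming that dependency would keep the permission from being tightened back to "rw" later. Since unveil's 'c' also permits creating and removing files under datadir, it is worth asking whether the reopen path could drop O_CREAT for files that already exist, which would let this unveil stay at "rw".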
