CVSROOT:        /cvs
Module name:    src
Changes by:     mes...@cvs.openbsd.org  2019/07/11 00:55:02

Modified files:
        sbin/dhclient  : dhclient.c 

Log message:
The privileged process of dhclient(8) runs several ioctl(2)s that are forbidden
by pledge(2) and therefore we cannot add it here. Instead we can restrict the
filesystem access to only two files, mentioned below, via unveil(2).

- /etc/resolv.conf -> write/create permissions
- /etc/resolv.conf.tail -> read permissions

OK brynet@ deraadt@ kn@
krw@ left the decision to other people who understand unveil(2)

Reply via email to