On 00:55 Thu 11 Jul , Ricardo Mestre wrote: > CVSROOT: /cvs > Module name: src > Changes by: mes...@cvs.openbsd.org 2019/07/11 00:55:02 > > Modified files: > sbin/dhclient : dhclient.c > > Log message: > The privileged process of dhclient(8) runs several ioctl(2)s that are > forbidden > by pledge(2) and therefore we cannot add it here. Instead we can restrict the > filesystem access to only two files, mentioned below, via unveil(2). > > - /etc/resolv.conf -> write/create permissions > - /etc/resolv.conf.tail -> read permissions > > OK brynet@ deraadt@ kn@ > krw@ left the decision to other people who understand unveil(2) >
This was also OK sthen@