CVSROOT: /cvs Module name: src Changes by: mes...@cvs.openbsd.org 2020/08/19 08:23:26
Modified files: usr.sbin/relayd: relayd.c Log message: add unveil(2) again this allows reading from anywhere in the filesystem (in order to read the config file and those ones included from it), but also executing, which I missed from my last attempt, because it's required for "check script(s)". even though it's a broad permission, and the main proc cannot be pledged due to forbidden ioctls, then this at least prevents it from creating/writing/deleting files which is not required here. OK benno@ a long time ago