CVSROOT: /cvs
Module name: src
Changes by: mes...@cvs.openbsd.org 2020/08/19 08:23:26
Modified files:
usr.sbin/relayd: relayd.c
Log message:
add unveil(2) again
this allows reading from anywhere in the filesystem (in order to read the
config file and those ones included from it), but also executing, which I
missed from my last attempt, because it's required for "check script(s)".
even though it's a broad permission, and the main proc cannot be pledged due to
forbidden ioctls, then this at least prevents it from creating/writing/deleting
files which is not required here.
OK benno@ a long time ago
