CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/10/20 12:04:03
Modified files:
sys/sys : pledge.h socket.h
sys/kern : kern_pledge.c uipc_syscalls.c
sys/netinet : in_pcb.c
sys/netinet6 : in6_pcb.c
Log message:
At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie
