Hi!
Simple pledge around nohup, it starts with "stdio rpath wpath cpath
exec" and then after nohup.out file is open(2)'ed it can drop to "stdio
exec" only:
Index: nohup.c
===================================================================
RCS file: /cvs/src/usr.bin/nohup/nohup.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 nohup.c
--- nohup.c 16 Jan 2015 06:40:10 -0000 1.15
+++ nohup.c 9 Nov 2015 12:55:08 -0000
@@ -73,6 +73,9 @@ main(int argc, char *argv[])
{
int exit_status;
+ if (pledge("stdio rpath wpath cpath exec", NULL) == -1)
+ err(1, "pledge");
+
if (argc < 2)
usage();
@@ -116,6 +119,9 @@ dofile(void)
errx(EXIT_MISC, "can't open a nohup.out file");
dupit:
+ if (pledge("stdio exec", NULL) == -1)
+ err(1, "pledge");
+
(void)lseek(fd, (off_t)0, SEEK_END);
if (dup2(fd, STDOUT_FILENO) == -1)
err(EXIT_MISC, NULL);
Best regards,
Ricardo Mestre
