45 lines
1,011 B
Text
45 lines
1,011 B
Text
|
Patch to use pledge on OpenBSD.
|
||
|
|
locale is needed for idn2.
|
||
|
|
|
||
|
|
Index: bin/dig/nslookup.c
|
||
|
|
--- bin/dig/nslookup.c.orig
|
||
|
|
+++ bin/dig/nslookup.c
|
||
|
|
@@ -941,6 +941,15 @@ main(int argc, char **argv) {
|
||
|
|
result = isc_app_start();
|
||
|
|
check_result(result, "isc_app_start");
|
||
|
|
|
||
|
|
+ /*
|
||
|
|
+ * unix: needed for startup check, isc_net_probeunix.
|
||
|
|
+ * (unix sockets used in controlconf).
|
||
|
|
+ */
|
||
|
|
+ if (pledge("stdio rpath inet unix dns unveil", NULL) == -1) {
|
||
|
|
+ perror("pledge");
|
||
|
|
+ exit(1);
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
setup_libs();
|
||
|
|
progname = argv[0];
|
||
|
|
|
||
|
|
@@ -951,6 +960,21 @@ main(int argc, char **argv) {
|
||
|
|
} else if (keysecret[0] != 0) {
|
||
|
|
setup_text_key();
|
||
|
|
}
|
||
|
|
+
|
||
|
|
+ if (unveil("/usr/share/locale", "r") == -1) {
|
||
|
|
+ perror("unveil /usr/share/locale");
|
||
|
|
+ exit(1);
|
||
|
|
+ }
|
||
|
|
+ /*
|
||
|
|
+ * dns: resolv.conf, also allows port 53 sockets
|
||
|
|
+ * inet: needed if we query on port != 53
|
||
|
|
+ * rpath: locale
|
||
|
|
+ */
|
||
|
|
+ if (pledge("stdio rpath inet dns", NULL) == -1) {
|
||
|
|
+ perror("pledge");
|
||
|
|
+ exit(1);
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
if (domainopt[0] != '\0') {
|
||
|
|
set_search_domain(domainopt);
|
||
|
|
}
|