52 lines
1.2 KiB
Text
52 lines
1.2 KiB
Text
Patch to use pledge on OpenBSD.
|
|
locale is needed for idn2.
|
|
|
|
Index: bin/dig/host.c
|
|
--- bin/dig/host.c.orig
|
|
+++ bin/dig/host.c
|
|
@@ -18,6 +18,7 @@
|
|
#include <locale.h>
|
|
#include <stdbool.h>
|
|
#include <stdlib.h>
|
|
+#include <unistd.h>
|
|
|
|
#include <isc/app.h>
|
|
#include <isc/attributes.h>
|
|
@@ -908,6 +909,15 @@ main(int argc, char **argv) {
|
|
dighost_trying = trying;
|
|
dighost_shutdown = host_shutdown;
|
|
|
|
+ /*
|
|
+ * unix: needed for startup check, isc_net_probeunix.
|
|
+ * (unix sockets used in controlconf).
|
|
+ */
|
|
+ if (pledge("stdio rpath inet unix dns unveil", NULL) == -1) {
|
|
+ perror("pledge");
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
debug("main()");
|
|
progname = argv[0];
|
|
pre_parse_args(argc, argv);
|
|
@@ -921,6 +931,21 @@ main(int argc, char **argv) {
|
|
} else if (keysecret[0] != 0) {
|
|
setup_text_key();
|
|
}
|
|
+
|
|
+ if (unveil("/usr/share/locale", "r") == -1) {
|
|
+ perror("unveil /usr/share/locale");
|
|
+ exit(1);
|
|
+ }
|
|
+ /*
|
|
+ * dns: resolv.conf, also allows port 53 sockets
|
|
+ * inet: needed if we query on port != 53
|
|
+ * rpath: locale
|
|
+ */
|
|
+ if (pledge("stdio rpath inet dns", NULL) == -1) {
|
|
+ perror("pledge");
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
|
|
check_result(result, "isc_app_onrun");
|
|
isc_app_run();
|