Patch to use pledge on OpenBSD.
locale is needed for idn2.
cert.pem is needed for DoT.
Index: bin/dig/dig.c
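--- bin/dig/dig.c.orig
+++ bin/dig/dig.c
@@ -18,6 +18,7 @@
 #include <stdbool.h>
 #include <stdlib.h>
 #include <time.h>
+#include <unistd.h>
 
 #include <isc/attributes.h>
 #include <isc/dir.h>
@@ -3423,6 +3424,16 @@ dig_setup(int argc, char **argv) {
 preparse_args(argc, argv);
 
 setup_libs();
+
+ /*
+ * unix: needed for startup check, isc_net_probeunix.
+ * (unix sockets used in controlconf).
+ */
+ if (pledge("stdio rpath inet unix dns unveil", NULL) == -1) {
+ perror("pledge");
+ exit(1);
+ }
+
 setup_system(ipv4only, ipv6only);
 }
 
@@ -3436,6 +3447,25 @@ dig_query_setup(bool is_batchfile, bool config_only, i
 } else if (keysecret[0] != 0) {
 setup_text_key();
 }
+
+ if (unveil("/usr/share/locale", "r") == -1) {
+ perror("unveil /usr/share/locale");
+ exit(1);
+ }
+ if (unveil("/etc/ssl/cert.pem", "r") == -1) {
+ perror("unveil /etc/ssl/cert.pem");
+ exit(1);
+ }
+ /*
+ * dns: resolv.conf, also allows port 53 sockets
+ * inet: needed if we query on port != 53
+ * rpath: locale and cert.pem
+ */
+ if (pledge("stdio rpath inet dns", NULL) == -1) {
+ perror("pledge");
+ exit(1);
+ }
+
 if (domainopt[0] != '\0') {
 set_search_domain(domainopt);
 usesearch = true;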
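Review bot: The two `unveil()` calls in the dig_query_setup hunk carry no comment, so the reason for each path (locale for idn2, cert.pem for DoT) exists only in the patch header and is lost once the patch is applied; the comment before the second `pledge()` also does not say that leaving out the `unveil` promise is what freezes the path list. I would put `/* locale: idn2; cert.pem: CA bundle for DoT. Dropping "unveil" in the pledge below locks this list. */` above the first `unveil()`. From that point `rpath` reaches only those two paths, so any user-supplied file that is opened after this point rather than during argument parsing would fail to open; whether such a path exists is not visible here and should be checked against the TLS and batch-file options. dig_query_setup starts and ends outside the hunk, and if it can ever run twice in one process the second `unveil()` would fail with EPERM and exit.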