From 5138effbbdb474a1583fb5d100fc2306ab71f478 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sat, 3 Oct 2015 02:48:54 +0000
Subject: [PATCH] the ntp dns process only needs tame "dns rw" to operate.  at
 least, that's the case after kernel code got fixed to handle inet6 for dns...

---
 src/usr.sbin/ntpd/ntp_dns.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/usr.sbin/ntpd/ntp_dns.c b/src/usr.sbin/ntpd/ntp_dns.c
index 4a63bffe..eadb0b45 100644
--- a/src/usr.sbin/ntpd/ntp_dns.c
+++ b/src/usr.sbin/ntpd/ntp_dns.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntp_dns.c,v 1.10 2015/03/24 18:25:27 henning Exp $ */
+/*	$OpenBSD: ntp_dns.c,v 1.11 2015/10/03 02:48:54 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003-2008 Henning Brauer <henning@openbsd.org>
@@ -90,6 +90,9 @@ ntp_dns(int pipe_ntp[2], struct ntpd_conf *nconf, struct passwd *pw)
 		fatal(NULL);
 	imsg_init(ibuf_dns, pipe_ntp[1]);
 
+	if (tame("dns rw", NULL) == -1)
+		err(1, "tame");
+
 	while (quit_dns == 0) {
 		pfd[0].fd = ibuf_dns->fd;
 		pfd[0].events = POLLIN;