From fbc71be3ba88ae26c6feccbf0edb6476d59ea8e8 Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Mon, 14 Jul 2014 05:48:18 +0000
Subject: [PATCH] Update for arc4random and syslog changes
---
 src/etc/systrace/usr_sbin_lpd | 6 ++++--
 src/etc/systrace/usr_sbin_named | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/etc/systrace/usr_sbin_lpd b/src/etc/systrace/usr_sbin_lpd
index 95303029..bcc2ffc4 100644
--- a/src/etc/systrace/usr_sbin_lpd
+++ b/src/etc/systrace/usr_sbin_lpd
@@ -1,4 +1,4 @@
-# $OpenBSD: usr_sbin_lpd,v 1.5 2004/05/13 04:50:04 sturm Exp $
+# $OpenBSD: usr_sbin_lpd,v 1.6 2014/07/14 05:48:18 guenther Exp $
 #
 # Policy for lpd.
 # This policy works for the default configuration of lpd.
@@ -51,6 +51,7 @@ Policy: /usr/sbin/lpd, Emulation: native
 native-ftruncate: permit
 native-getdirentries: permit
 native-getegid: permit
+ native-getentropy: permit
 native-geteuid: permit
 native-getpid: permit
 native-getsockname: permit
@@ -60,6 +61,7 @@ Policy: /usr/sbin/lpd, Emulation: native
 native-kill: permit
 native-listen: permit
 native-lseek: permit
+ native-minherit: permit
 native-mmap: permit
 native-mprotect: permit
 native-mquery: permit
@@ -69,6 +71,7 @@ Policy: /usr/sbin/lpd, Emulation: native
 native-read: permit
 native-recvfrom: permit
 native-select: permit
+ native-sendsyslog: permit
 native-sendto: permit
 native-setegid: gid eq "1" then permit
 native-seteuid: uid eq "0" then permit
@@ -84,4 +87,3 @@ Policy: /usr/sbin/lpd, Emulation: native
 native-umask: permit
 native-wait4: permit
 native-write: permit
-
diff --git a/src/etc/systrace/usr_sbin_named b/src/etc/systrace/usr_sbin_named
index 2a0c4038..70257d12 100644
--- a/src/etc/systrace/usr_sbin_named
+++ b/src/etc/systrace/usr_sbin_named
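Review bot: In usr_sbin_lpd the three new rules `native-getentropy: permit`, `native-minherit: permit` and `native-sendsyslog: permit` carry no record in the file of why they are needed; the commit subject is the only place that ties them to the arc4random and syslog changes. A line in the header comment block, for example `# getentropy and minherit are needed by arc4random, sendsyslog by syslog(3).`, would let a later audit tell required syscalls from leftovers when the policy is tightened. The same applies to the matching additions in usr_sbin_named. The policy body starts and ends outside these hunks, so only the header block is visible as a place for such a comment.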
@@ -1,4 +1,4 @@
-# $OpenBSD: usr_sbin_named,v 1.6 2010/07/23 03:13:51 ray Exp $
+# $OpenBSD: usr_sbin_named,v 1.7 2014/07/14 05:48:18 guenther Exp $
 #
 # Policy for named that uses named user and chroots to /var/named
 # This policy works for the default configuration of named.
@@ -47,6 +47,7 @@ Policy: /usr/sbin/named, Emulation: native
 native-fswrite: filename eq "/var/run/named.pid" then permit
 native-fswrite: filename match "/var/tmp/*" then permit
 native-fsync: permit
+ native-getentropy: permit
 native-getpid: permit
 native-getppid: permit
 native-getrlimit: permit
@@ -59,6 +60,7 @@ Policy: /usr/sbin/named, Emulation: native
 native-kill: permit
 native-listen: permit
 native-lseek: permit
+ native-minherit: permit
 native-mmap: permit
 native-mprotect: permit
 native-mquery: permit
@@ -71,6 +73,7 @@ Policy: /usr/sbin/named, Emulation: native
 native-rename: filename match "/slave/*" and filename[1] match "/slave/*" then permit
 native-select: permit
 native-sendmsg: permit
+ native-sendsyslog: permit
 native-sendto: true then permit
 native-setegid: gid eq "70" then permit
 native-seteuid: uid eq "70" and uname eq "named" then permit
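Review bot: With `native-sendsyslog: permit` added in the last hunk of usr_sbin_named, any older rule that exists only so named can reach a syslog socket is probably redundant, and the commit does not remove one. The rest of the policy lies outside these hunks, so this is a question rather than a finding: if the file still has a connect or filesystem rule for the log socket, consider dropping it in a follow-up so the chrooted daemon keeps only the allowances it still uses. The sendsyslog hunk in usr_sbin_lpd deserves the same check.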