Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Browse Source

Update for arc4random and syslog changes

OPENBSD_5_6
guenther 10 years ago
parent
2dfe92794b
commit
fbc71be3ba
2 changed files with 8 additions and 3 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -2
      src/etc/systrace/usr_sbin_lpd
  2. +4
    -1
      src/etc/systrace/usr_sbin_named

+ 4
- 2
src/etc/systrace/usr_sbin_lpd View File

@ -1,4 +1,4 @@
# $OpenBSD: usr_sbin_lpd,v 1.5 2004/05/13 04:50:04 sturm Exp $
# $OpenBSD: usr_sbin_lpd,v 1.6 2014/07/14 05:48:18 guenther Exp $
# #
# Policy for lpd. # Policy for lpd.
# This policy works for the default configuration of lpd. # This policy works for the default configuration of lpd.
@ -51,6 +51,7 @@ Policy: /usr/sbin/lpd, Emulation: native
native-ftruncate: permit native-ftruncate: permit
native-getdirentries: permit native-getdirentries: permit
native-getegid: permit native-getegid: permit
native-getentropy: permit
native-geteuid: permit native-geteuid: permit
native-getpid: permit native-getpid: permit
native-getsockname: permit native-getsockname: permit
@ -60,6 +61,7 @@ Policy: /usr/sbin/lpd, Emulation: native
native-kill: permit native-kill: permit
native-listen: permit native-listen: permit
native-lseek: permit native-lseek: permit
native-minherit: permit
native-mmap: permit native-mmap: permit
native-mprotect: permit native-mprotect: permit
native-mquery: permit native-mquery: permit
@ -69,6 +71,7 @@ Policy: /usr/sbin/lpd, Emulation: native
native-read: permit native-read: permit
native-recvfrom: permit native-recvfrom: permit
native-select: permit native-select: permit
native-sendsyslog: permit
native-sendto: permit native-sendto: permit
native-setegid: gid eq "1" then permit native-setegid: gid eq "1" then permit
native-seteuid: uid eq "0" then permit native-seteuid: uid eq "0" then permit
@ -84,4 +87,3 @@ Policy: /usr/sbin/lpd, Emulation: native
native-umask: permit native-umask: permit
native-wait4: permit native-wait4: permit
native-write: permit native-write: permit

+ 4
- 1
src/etc/systrace/usr_sbin_named View File

@ -1,4 +1,4 @@
# $OpenBSD: usr_sbin_named,v 1.6 2010/07/23 03:13:51 ray Exp $
# $OpenBSD: usr_sbin_named,v 1.7 2014/07/14 05:48:18 guenther Exp $
# #
# Policy for named that uses named user and chroots to /var/named # Policy for named that uses named user and chroots to /var/named
# This policy works for the default configuration of named. # This policy works for the default configuration of named.
@ -47,6 +47,7 @@ Policy: /usr/sbin/named, Emulation: native
native-fswrite: filename eq "/var/run/named.pid" then permit native-fswrite: filename eq "/var/run/named.pid" then permit
native-fswrite: filename match "/var/tmp/*" then permit native-fswrite: filename match "/var/tmp/*" then permit
native-fsync: permit native-fsync: permit
native-getentropy: permit
native-getpid: permit native-getpid: permit
native-getppid: permit native-getppid: permit
native-getrlimit: permit native-getrlimit: permit
@ -59,6 +60,7 @@ Policy: /usr/sbin/named, Emulation: native
native-kill: permit native-kill: permit
native-listen: permit native-listen: permit
native-lseek: permit native-lseek: permit
native-minherit: permit
native-mmap: permit native-mmap: permit
native-mprotect: permit native-mprotect: permit
native-mquery: permit native-mquery: permit
@ -71,6 +73,7 @@ Policy: /usr/sbin/named, Emulation: native
native-rename: filename match "/slave/*" and filename[1] match "/slave/*" then permit native-rename: filename match "/slave/*" and filename[1] match "/slave/*" then permit
native-select: permit native-select: permit
native-sendmsg: permit native-sendmsg: permit
native-sendsyslog: permit
native-sendto: true then permit native-sendto: true then permit
native-setegid: gid eq "70" then permit native-setegid: gid eq "70" then permit
native-seteuid: uid eq "70" and uname eq "named" then permit native-seteuid: uid eq "70" and uname eq "named" then permit


Write Preview
Loading…
Cancel
Save