summaryrefslogtreecommitdiff
path: root/sandbox-systrace.c
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox-systrace.c')
-rw-r--r--sandbox-systrace.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index 6706c9a80..aaa3d8f0a 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sandbox-systrace.c,v 1.9 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: sandbox-systrace.c,v 1.13 2014/07/17 00:10:56 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -52,7 +52,17 @@ struct sandbox_policy {
52static const struct sandbox_policy preauth_policy[] = { 52static const struct sandbox_policy preauth_policy[] = {
53 { SYS_open, SYSTR_POLICY_NEVER }, 53 { SYS_open, SYSTR_POLICY_NEVER },
54 54
55#ifdef SYS_getentropy
56 /* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */
57 { SYS_getentropy, SYSTR_POLICY_PERMIT },
58#else
59 /* Previous releases used sysctl(3)'s kern.arnd variable. */
55 { SYS___sysctl, SYSTR_POLICY_PERMIT }, 60 { SYS___sysctl, SYSTR_POLICY_PERMIT },
61#endif
62
63#ifdef SYS_sendsyslog
64 { SYS_sendsyslog, SYSTR_POLICY_PERMIT },
65#endif
56 { SYS_close, SYSTR_POLICY_PERMIT }, 66 { SYS_close, SYSTR_POLICY_PERMIT },
57 { SYS_exit, SYSTR_POLICY_PERMIT }, 67 { SYS_exit, SYSTR_POLICY_PERMIT },
58 { SYS_getpid, SYSTR_POLICY_PERMIT }, 68 { SYS_getpid, SYSTR_POLICY_PERMIT },
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 18:57:34 +0000