Commit

privsep: Note that unveil(2) is not needed
rsmarples committed Nov 10, 2023
1 parent 4bb0c8f commit 3941274
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/privsep.c
Expand Up @@ -622,6 +622,9 @@ ps_entersandbox(const char *_pledge, const char **sandbox)
#elif defined(HAVE_PLEDGE)
if (sandbox != NULL)
*sandbox = "pledge";
// There is no need to use unveil(2) because we are in an empty chroot
// This is encouraged by Theo de Raadt himself:
// https://www.mail-archive.com/misc@openbsd.org/msg171655.html
return pledge(_pledge, NULL);
#elif defined(HAVE_SECCOMP)
if (sandbox != NULL)
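Review bot: The comment added above `return pledge(_pledge, NULL);` depends on a precondition, "we are in an empty chroot", that this branch neither establishes nor checks, so a reader of the HAVE_PLEDGE path cannot confirm it from here. Name the place where the chroot is entered, and state that omitting unveil(2) is only valid while that chroot stays empty, so a later change to the chroot setup prompts a second look at this decision. It would also help to summarize the reasoning from the linked misc@openbsd.org message in one line, so the justification stays in the code if the archive URL stops resolving.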