Hi,

When using 'udpsockmode' in dhcpd (-u flag), it first calls
pledge("stdio rpath inet sendfd proc id", NULL) (in udpsock.c)

then tries
pledge("stdio inet route sendfd", NULL) (back in dhcpd.c)

The "route" causes it to fail.

e.g.
$ doas dhcpd -u -fd pppx0
Listening on 255.255.255.255:67/udp.
dhcpd: pledge: Operation not permitted

"route" isn't defined in the pledge(2) man page,
but testing seems to indicate it is necessary.

Index: udpsock.c
===================================================================
RCS file: /cvs/src/usr.sbin/dhcpd/udpsock.c,v
retrieving revision 1.5
diff -u -p -r1.5 udpsock.c
--- udpsock.c   8 Feb 2016 02:06:07 -0000       1.5
+++ udpsock.c   4 Apr 2016 04:09:14 -0000
@@ -65,7 +65,7 @@ udpsock_startup(struct in_addr bindaddr)
                error("setsocketopt IP_RECVIF failed for udp: %s",
                    strerror(errno));

-       if (pledge("stdio rpath inet sendfd proc id", NULL) == -1)
+       if (pledge("stdio rpath inet sendfd proc id route", NULL) == -1)
                error("pledge: %s", strerror(errno));

        sin4.sin_family = AF_INET;
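
Review bot: the widened promise string on the pledge() line in udpsock_startup() has no comment saying why "route" is kept there. From the report, the only reason is that the later pledge("stdio inet route sendfd", NULL) in dhcpd.c asks for "route" after this call has already dropped it, and pledge can only narrow the promise set, never add to it. A one-line comment saying so would stop the string from being trimmed again. It is also worth confirming whether the -u path actually uses "route" after the second pledge. If it does not, dropping "route" from the dhcpd.c call in udpsock mode would keep this first pledge tighter than widening it.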


--
-Phil
