Hi,
pledge(2) bpf has been in use for some time now on tcpdump(8), this will enable
it also for pflogd(8)'s priv proc.
OK?
Index: privsep.c
===================================================================
RCS file: /cvs/src/sbin/pflogd/privsep.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 privsep.c
--- privsep.c 23 Jan 2017 04:25:05 -0000 1.24
+++ privsep.c 24 May 2017 07:30:38 -0000
@@ -118,12 +118,9 @@ priv_init(void)
setproctitle("[priv]");
close(socks[1]);
-
-#if notyet
- /* This needs to do bpf ioctl */
if (pledge("stdio rpath wpath cpath sendfd proc bpf", NULL) == -1)
err(1, "pledge");
-#endif
+
while (!gotsig_chld) {
if (may_read(socks[0], &cmd, sizeof(int)))
break;
