summary refs log tree commit diff
path: root/bounce.c
diff options
context:
space:
mode:
Diffstat (limited to 'bounce.c')
-rw-r--r--bounce.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/bounce.c b/bounce.c
index 31ca4a6..d0bccfc 100644
--- a/bounce.c
+++ b/bounce.c
@@ -356,7 +356,7 @@ int main(int argc, char *argv[]) {
 	error = unveil(tls_default_ca_cert_file(), "r");
 	if (error) err(EX_OSFILE, "%s", tls_default_ca_cert_file());
 
-	error = pledge("stdio rpath wpath cpath inet flock unix dns recvfd", NULL);
+	error = pledge("stdio rpath wpath cpath flock inet dns unix recvfd", NULL);
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
@@ -423,6 +423,16 @@ int main(int argc, char *argv[]) {
 	serverConfig(insecure, trust, clientCert, clientPriv);
 	int server = serverConnect(serverBindHost, host, port);
 
+#ifdef __OpenBSD__
+	char promises[64];
+	snprintf(
+		promises, sizeof(promises), "stdio rpath inet%s",
+		(bindPath[0] ? " cpath unix recvfd" : "")
+	);
+	error = pledge(promises, NULL);
+	if (error) err(EX_OSERR, "pledge");
+#endif
+
 #ifdef __FreeBSD__
 	error = cap_enter();
 	if (error) err(EX_OSERR, "cap_enter");
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-04 21:21:32 +0000