From: Alexander Bluhm <alexander.bluhm@gmx.net>
Date: Wed, 10 Apr 2019 13:32:55 +0000 (+0200)
Subject: init: pledge(2) needs "fattr" during suricata reload.
X-Git-Tag: suricata-5.0.0-beta1~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36796de731d59c3320b212fb7cdb3c45bf6e39bc;p=thirdparty%2Fsuricata.git

init: pledge(2) needs "fattr" during suricata reload.

When killed with SIGHUP, suricata reopens the log files.  If filemode
is set in the config, it needs pledge promise "fattr" to allow the
chmod(2) on OpenBSD.
---

diff --git a/src/util-privs.c b/src/util-privs.c
index 64a3c01096..5ce6843eb7 100644
--- a/src/util-privs.c
+++ b/src/util-privs.c
@@ -239,7 +239,7 @@ int SCGetGroupID(const char *group_name, uint32_t *gid)
 #ifdef __OpenBSD__
 int SCPledge(void)
 {
-    int ret = pledge("stdio rpath wpath cpath unix dns bpf", NULL);
+    int ret = pledge("stdio rpath wpath cpath fattr unix dns bpf", NULL);
 
     if (ret != 0) {
         SCLogError(SC_ERR_PLEDGE_FAILED, "unable to pledge,"