commit 9e328210ec26e3d0f683da9aa21c777769b9e7c4
from: the xhr <xhr@giessen.ccc.de>
date: Thu Aug 26 09:29:02 2021 UTC

Open logs later and add more pledge promises

twind needs to write and create files on SIGHUP

commit - a944bd9316b3f8853ef8a1d6f833f727b84f199a
commit + 9e328210ec26e3d0f683da9aa21c777769b9e7c4
blob - e7cc33835954259133b2cd688a8db17442bfd9b0
blob + 9c294210a3d72f9d8deb66912a481f9f7db74b93
--- twind.c
+++ twind.c
@@ -161,17 +161,17 @@ main(int argc, char *argv[])
 	log_init(debug_flag, LOG_DAEMON);
 	log_setverbose(verbose_flag);
 
-	open_twind_logs();
 
 #ifdef __OpenBSD__
-	if (pledge("stdio inet dns proc rpath", NULL) == -1)
+	if (pledge("stdio inet dns proc rpath wpath cpath", NULL) == -1)
 		fatalx("pledge");
 #endif /* __OpenBSD__ */
 
-
 	if (!fg_flag)
 		if (daemon(0, 0) == -1)
 			fatalx("daemonizing failed");
+
+	open_twind_logs();
 
 	fork_main_process(tcpsock, sslctx);
 
@@ -184,6 +184,8 @@ static void
 organize_termination(void)
 {
 	pid_t sub_pid;
+
+	close_twind_logs();
 
 	log_debug("waiting for sub processes to terminate");
 	for (;;) {
@@ -253,7 +255,7 @@ handle_incoming_connections(int counter, int tcpsock, 
 
 #ifdef __OpenBSD__
 	/* We can get rid of proc pledge here */
-	if (pledge("stdio inet dns rpath", NULL) == -1)
+	if (pledge("stdio inet dns rpath wpath cpath", NULL) == -1)
 		fatalx("pledge");
 #endif /* __OpenBSD__ */