commit f30efb9a7b86a2912c9176374b21e3268cbd1fe2
from: martijn <martijn@openbsd.org>
date: Thu Jan 30 17:00:31 2025 UTC

unveil the agentx socket path. This was probably broken with adding unix
sockets to unveil.

reported by pascal@
OK sthen@ benno@

commit - 418ab141e444db9b7f3d7c2afc4351f7ef4bccfc
commit + f30efb9a7b86a2912c9176374b21e3268cbd1fe2
blob - 76fa9e8b04386370d57dcfb9c191fa839694178d
blob + f6a7887b06ac275585d72b0bc8f26d254144f9af
--- relayd.c
+++ relayd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: relayd.c,v 1.192 2024/10/28 19:56:18 tb Exp $	*/
+/*	$OpenBSD: relayd.c,v 1.193 2025/01/30 17:00:31 martijn Exp $	*/
 
 /*
  * Copyright (c) 2007 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -27,6 +27,7 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
+#include <agentx.h>
 #include <signal.h>
 #include <string.h>
 #include <stdio.h>
@@ -224,6 +225,13 @@ main(int argc, char *argv[])
 
 	if (unveil("/", "rx") == -1)
 		err(1, "unveil /");
+	if (env->sc_conf.flags & F_AGENTX) {
+		if (unveil(env->sc_conf.agentx_path, "w") == -1)
+			err(1, "unveil %s", env->sc_conf.agentx_path);
+	} else {
+		if (unveil(AGENTX_MASTER_PATH, "w") == -1)
+			err(1, "unveil %s", env->sc_conf.agentx_path);
+	}
 	if (unveil(NULL, NULL) == -1)
 		err(1, "unveil");