pf plugin: read permissions are enough for /dev/pf

diff --git a/src/pf.c b/src/pf.c
index 7c677bf..9d99e3a 100644 (file)
--- a/src/pf.c
+++ b/src/pf.c
@@ -48,7 +48,7 @@ pf_init(void)
 {
        struct pf_status        status;
 
-       if ((dev = open(PF_SOCKET, O_RDWR)) == -1) {
+       if ((dev = open(PF_SOCKET, O_RDONLY)) == -1) {
                return (-1);
        }
        if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {
@@ -72,7 +72,7 @@ pf_read(void)
        char            *lnames[] = LCNT_NAMES;
        char            *names[] = { "searches", "inserts", "removals" };
 
-       if ((dev = open(PF_SOCKET, O_RDWR)) == -1) {
+       if ((dev = open(PF_SOCKET, O_RDONLY)) == -1) {
                return (-1);
        }
        if (ioctl(dev, DIOCGETSTATUS, &status) == -1) {