=== modified file 'plugins.d/mandos-client.c'
--- plugins.d/mandos-client.c	2009-01-23 20:09:55 +0000
+++ plugins.d/mandos-client.c	2009-01-24 15:26:43 +0000
@@ -36,7 +36,8 @@
 #define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */
 
 #include <stdio.h>		/* fprintf(), stderr, fwrite(),
-				   stdout, ferror(), sscanf */
+				   stdout, ferror(), sscanf(),
+				   remove() */
 #include <stdint.h> 		/* uint16_t, uint32_t */
 #include <stddef.h>		/* NULL, size_t, ssize_t */
 #include <stdlib.h> 		/* free(), EXIT_SUCCESS, EXIT_FAILURE,
@@ -1130,21 +1131,26 @@
 	  if(direntry == NULL){
 	    break;
 	  }
-	  if(direntry->d_type == DT_REG){
-	    char *fullname = NULL;
-	    ret = asprintf(&fullname, "%s/%s", tempdir,
-			   direntry->d_name);
-	    if(ret < 0){
-	      perror("asprintf");
-	      continue;
-	    }
-	    ret = unlink(fullname);
-	    if(ret == -1){
-	      fprintf(stderr, "unlink(\"%s\"): %s",
-		      fullname, strerror(errno));
-	    }
-	    free(fullname);
-	  }
+	  /* Skip "." and ".." */
+	  if(direntry->d_name[0] == '.'
+	     and (direntry->d_name[1] == '\0'
+		  or (direntry->d_name[1] == '.'
+		      and direntry->d_name[2] == '\0'))){
+	    continue;
+	  }
+	  char *fullname = NULL;
+	  ret = asprintf(&fullname, "%s/%s", tempdir,
+			 direntry->d_name);
+	  if(ret < 0){
+	    perror("asprintf");
+	    continue;
+	  }
+	  ret = remove(fullname);
+	  if(ret == -1){
+	    fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
+		    strerror(errno));
+	  }
+	  free(fullname);
 	}
 	closedir(d);
       }
@@ -1153,6 +1159,6 @@
 	perror("rmdir");
       }
     }
-	  
+    
     return exitcode;
 }

=== modified file 'plugins.d/mandos-client.xml'
--- plugins.d/mandos-client.xml	2009-01-24 14:24:54 +0000
+++ plugins.d/mandos-client.xml	2009-01-24 15:26:43 +0000
@@ -122,12 +122,16 @@
       <command>&COMMANDNAME;</command> is a client program that
       communicates with <citerefentry><refentrytitle
       >mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-      to get a password.  It brings up a network interface, uses its
-      IPv6 link-local address to get network connectivity, uses
-      Zeroconf to find servers, and uses TLS with an OpenPGP key to
-      ensure authenticity and confidentiality.  It keeps running,
-      trying all servers on the network, until it receives a
-      satisfactory reply or a TERM signal is received.
+      to get a password.  In slightly more detail, this client program
+      brings up a network interface, uses the interface’s IPv6
+      link-local address to get network connectivity, uses Zeroconf to
+      find servers on the local network, and communicates with servers
+      using TLS with an OpenPGP key to ensure authenticity and
+      confidentiality.  This client program keeps running, trying all
+      servers on the network, until it receives a satisfactory reply
+      or a TERM signal is received.  If no servers are found, or after
+      all servers have been tried, it waits indefinitely for new
+      servers to appear.
     </para>
     <para>
       This program is not meant to be run directly; it is really meant
@@ -202,6 +206,15 @@
 	    specifies the interface to use to connect to the address
 	    given.
 	  </para>
+	  <para>
+	    Note that since this program will normally run in the
+	    initial RAM disk environment, the interface must be an
+	    interface which exists at that stage.  Thus, the interface
+	    can not be a pseudo-interface such as <quote>br0</quote>
+	    or <quote>tun0</quote>; such interfaces will not exist
+	    until much later in the boot process, and can not be used
+	    by this program.
+	  </para>
 	</listitem>
       </varlistentry>