Hi,

I like the tweak; OK to commit?

While it is reasonable to expect this behaviour without the "zero
or more", I see how the misunderstanding "one or more" can arise:
In many situations, to grant no permissions on a given path, it is
sufficient to not mention it in unveil(2) at all, so it may not be
obvious to everybody that the "" case is sometimes useful (and
implemented).

Yours,
  Ingo


Chris Rawnsley wrote on Wed, Dec 04, 2019 at 06:34:00PM +0000:
> On Wed, 4 Dec 2019, at 18:07, Theo de Raadt wrote:

>> I think it is implied, if no permissions are listed.

> Perhaps, and it may be due to my inexperience with C interfaces that I didn't
> think to try it.
> 
> I think your wording would have been enough for me to twig so I've made
> the patch for that instance too (if you change your mind, of course :) ).
> 
> Index: lib/libc/sys/unveil.2
> ===================================================================
> RCS file: /cvs/src/lib/libc/sys/unveil.2,v
> retrieving revision 1.19
> diff -u -p -u -r1.19 unveil.2
> --- lib/libc/sys/unveil.2     25 Jul 2019 13:47:40 -0000      1.19
> +++ lib/libc/sys/unveil.2     4 Dec 2019 18:28:03 -0000
> @@ -62,7 +62,8 @@ promise.
>  .Pp
>  The
>  .Fa permissions
> -argument points to a string consisting of the following characters:
> +argument points to a string consisting of zero or more of the following
> +characters:
>  .Pp
>  .Bl -tag -width "XXXX" -offset indent -compact
>  .It Cm r
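
Review bot: The reworded sentence after .Fa permissions now admits an empty string through "zero or more", but nothing in the visible text says what an empty string does. Consider adding one sentence next to the character list stating that an empty permissions string grants no permissions on the path, since the thread notes that this case is implemented and sometimes useful, and a reader who only sees "zero or more" still has to infer the effect.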
