Hi all,
I saw a discussion on here a while ago about the use of patterns like:
if (unveil(some_path, "r") == -1)
err(1, "unveil");
And why that's maybe not preferable for debugging and troubleshooting
purposes for programs which have multiple unveil calls (which happens
fairly often).
Original message here: https://marc.info/?l=openbsd-tech&m=161470144611031&w=2
I would like to try and clean this up if I can. I did the first program
that came up from my grep of the tree - bin/ps/ps.c - as an example to
accompany this mail.
Would this work be of interest if I were to undertake it broadly
across the tree?
2. If so, are there any suggestions/strong feelings with the formatting
of the messages. My included diff shows one possible suggestion.
Comments/suggestions welcome.
Thanks,
Ash
diff --git a/bin/ps/ps.c b/bin/ps/ps.c
index 84be7afe802..3b6593a46a1 100644
--- a/bin/ps/ps.c
+++ b/bin/ps/ps.c
@@ -276,18 +276,18 @@ main(int argc, char *argv[])
errx(1, "%s", errbuf);
if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil: _PATH_DEVDB -> %s", _PATH_DEVDB);
if (unveil(_PATH_DEV, "r") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil: _PATH_DEV -> %s", _PATH_DEV);
if (swapf)
if (unveil(swapf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil: swapf -> %s", swapf);
if (nlistf)
if (unveil(nlistf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil: nlistf -> %s", nlistf);
if (memf)
if (unveil(memf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil: memf -> %s", memf);
if (pledge("stdio rpath getpw ps", NULL) == -1)
err(1, "pledge");
