CVSROOT: /cvs
Module name: src
Changes by: mes...@cvs.openbsd.org 2018/10/26 11:11:33
Modified files:
usr.sbin/kvm_mkdb: kvm_mkdb.c
Log message:
If we pass `file' via args then we need to unveil(2) it with read permission,
otherwise if omitted we need to unveil(2) both _PATH_UNIX and _PATH_KSYMS with
same permissions.
Unconditionally we need to also unveil(2) dbdir, which by default is
_PATH_VARDB but can be changed via args (-o directory), with read/write/create
permissions. There are a couple of temp files that will be created but it's
inside dbdir so there's no need to unveil(2) them individually.
Since we already call pledge(2) before, twice, we need to add "unveil" promise
to both of them, and finally call pledge(2) once again with the needed promises
except "unveil".
OK millert@
