CVSROOT: /cvs Module name: src Changes by: mes...@cvs.openbsd.org 2018/10/26 11:11:33
Modified files: usr.sbin/kvm_mkdb: kvm_mkdb.c Log message: If we pass `file' via args then we need to unveil(2) it with read permission, otherwise if omitted we need to unveil(2) both _PATH_UNIX and _PATH_KSYMS with same permissions. Unconditionally we need to also unveil(2) dbdir, which by default is _PATH_VARDB but can be changed via args (-o directory), with read/write/create permissions. There are a couple of temp files that will be created but it's inside dbdir so there's no need to unveil(2) them individually. Since we already call pledge(2) before, twice, we need to add "unveil" promise to both of them, and finally call pledge(2) once again with the needed promises except "unveil". OK millert@