A trivial diff for the sndiod "device helper" process. All this
process does is to open the device and pass it to the main process. So
it can be restricted to /dev.
The other sndiod process has none of rpath, wpath, cpath, or exec,
so it doesn't need unveil, right?
Index: sndiod.c
===================================================================
RCS file: /cvs/src/usr.bin/sndiod/sndiod.c,v
retrieving revision 1.33
diff -u -p -r1.33 sndiod.c
--- sndiod.c 26 Jun 2018 07:12:35 -0000 1.33
+++ sndiod.c 30 Jul 2018 09:18:32 -0000
@@ -378,6 +378,8 @@ start_helper(int background)
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
err(1, "cannot drop privileges");
}
+ if (unveil("/dev", "rw") < 0)
+ err(1, "unveil");
if (pledge("stdio sendfd rpath wpath", NULL) < 0)
err(1, "pledge");
while (file_poll())
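Review bot: the unveil("/dev", "rw") call exposes the whole /dev directory read-write, not just the device nodes the helper actually opens; if the main process only ever asks for a known set of nodes, unveiling those paths individually would be tighter than the directory. Ordering is correct: the pledge(2) call that follows has no "unveil" promise, so the unveil list is locked at that point and no later call can widen it. Minor: the err(1, "unveil") message matches the existing err(1, "pledge") style, fine as is.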