* Theo de Raadt <[email protected]> [2018-07-30 12:52:46 -0600]:
unveil(2) is now enabled in -current.
For those who want to play along at home, here are some diffs which use
this in a variety of programs. Not all these diffs are correct or
complete yet. This is a learning experience. Based upon what we learn,
we may still change unveil(2) semantics slightly (similar to how pledge
semantics were reached).
These diffs are in snapshots.
Thanks Theo for pushing this in!
vmctl start needs a bit more unveiling.
Index: usr.sbin/vmctl/main.c
===================================================================
RCS file: /home/pdvyas/cvs/src/usr.sbin/vmctl/main.c,v
retrieving revision 1.39
diff -u -p -a -u -r1.39 main.c
--- usr.sbin/vmctl/main.c 12 Jul 2018 14:53:37 -0000 1.39
+++ usr.sbin/vmctl/main.c 31 Jul 2018 21:15:42 -0000
@@ -45,7 +45,15 @@ static int tty_autoconnect = 0;
__dead void usage(void);
__dead void ctl_usage(struct ctl_command *);
+int vmmaction(struct parse_result *);
int vmm_action(struct parse_result *);
+int parse_ifs(struct parse_result *, char *, int);
+int parse_network(struct parse_result *, char *);
+int parse_size(struct parse_result *, char *, long long);
+int parse_disk(struct parse_result *, char *);
+int parse_vmid(struct parse_result *, char *, int);
+void parse_free(struct parse_result *);
+int parse(int, char *[]);
int ctl_console(struct parse_result *, int, char *[]);
int ctl_create(struct parse_result *, int, char *[]);
@@ -158,9 +166,14 @@ parse(int argc, char *argv[])
res.action = ctl->action;
res.ctl = ctl;
+ if (unveil(SOCKET_NAME, "r") == -1)
+ err(1, "unveil");
+
if (!ctl->has_pledge) {
/* pledge(2) default if command doesn't have its own pledge */
- if (pledge("stdio rpath exec unix getpw", NULL) == -1)
+ if (unveil(VMCTL_CU, "x") == -1)
+ err(1, "unveil");
+ if (pledge("stdio rpath exec unix getpw unveil", NULL) == -1)
err(1, "pledge");
}
if (ctl->main(&res, argc, argv) != 0)
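Review bot: The default branch inside `if (!ctl->has_pledge)` issues both unveil(2) calls and then pledges with the `unveil` promise still present, so nothing locks the unveil set before `ctl->main()` runs and the process could keep widening its filesystem view; either drop `unveil` from the promise string, which per unveil(2) makes later unveil calls fail, or add `if (unveil(NULL, NULL) == -1) err(1, "unveil");` after the VMCTL_CU unveil and before the pledge. All four `err(1, "unveil")` calls in this diff (here, in the ctl_create hunk and in both ctl_start hunks) print the same text for different paths; `err(1, "unveil %s", SOCKET_NAME);` and the matching form at each other site would make a refusal diagnosable from the message alone. Whether `"r"` is enough for a later connect(2) to the socket at SOCKET_NAME depends on how unveil(2) treats unix-socket lookups, and the covering mail says those semantics may still move, so it is worth confirming against the current man page rather than assuming it. parse() begins and ends outside this hunk.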
@@ -477,6 +490,10 @@ ctl_create(struct parse_result *res, int
paths[0] = argv[1];
paths[1] = NULL;
+
+ if (unveil(paths[0], "rwc") == -1)
+ err(1, "unveil");
+
if (pledge("stdio rpath wpath cpath", NULL) == -1)
err(1, "pledge");
argc--;
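Review bot: The `unveil(paths[0], "rwc")` added before the pledge grants read access on the image path that ctl_create is about to create; if the creation code only opens the file for writing and extends it, `"wc"` is the narrower set, so confirm against the create path, which lies outside this hunk, before settling on `"rwc"`. The pledge(2) call that follows omits the `unveil` promise, which per unveil(2) prevents any further unveil calls, so unlike the default branch in parse() the set is effectively locked here; a one-line comment such as `/* pledge without "unveil" locks the unveil set above */` would make that intent explicit to the next reader. The body of ctl_create continues past the end of the hunk.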
@@ -597,6 +614,8 @@ ctl_start(struct parse_result *res, int
case 'b':
if (res->path)
errx(1, "boot image specified multiple times");
+ if (unveil(optarg, "r") == -1)
+ err(1, "unveil");
if (realpath(optarg, path) == NULL)
err(1, "invalid boot image path");
if ((res->path = strdup(path)) == NULL)
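Review bot: The `unveil(optarg, "r")` immediately followed by `realpath(optarg, path)` in case 'b' is repeated verbatim in case 'd' of the next hunk, so a small `static` helper that issues the unveil and dies with the offending path in its message would keep both option handlers in step as further path options are covered. Unveiling before realpath(3) is the necessary order here, because parse() has already unveiled SOCKET_NAME before calling `ctl->main()` and from that point any path not unveiled is invisible to lookups; since vmctl apparently only resolves these paths rather than opening them, `"r"` looks like the narrowest permission that still lets realpath(3) succeed, and a comment such as `/* unveiled only so realpath(3) can resolve the path; vmd opens it */` would record that reasoning, with the vmd part confirmed against the start path. The getopt loop and the remainder of ctl_start, including wherever its unveil set is finally locked, lie outside both hunks.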
@@ -628,6 +647,8 @@ ctl_start(struct parse_result *res, int
errx(1, "invalid network: %s", optarg);
break;
case 'd':
+ if (unveil(optarg, "r") == -1)
+ err(1, "unveil");
if (realpath(optarg, path) == NULL)
err(1, "invalid disk path");
if (parse_disk(res, path) != 0)