Alexander Bluhm <alexander.bl...@gmx.net> wrote: > When setting immutable flags on directories with chflags(1), unveil(2) > behaves poorly. > > # rm /etc/hosts > # chflags uchg /etc > # ifconfig vio0 > ifconfig: unveil: Operation not permitted > > Adding another exception for EPERM fixes this. > > ok? > > bluhm > > Index: kern/vfs_lookup.c > =================================================================== > RCS file: /data/mirror/openbsd/cvs/src/sys/kern/vfs_lookup.c,v > retrieving revision 1.80 > diff -u -p -r1.80 vfs_lookup.c > --- kern/vfs_lookup.c 18 Jul 2019 18:06:17 -0000 1.80 > +++ kern/vfs_lookup.c 26 Jul 2019 12:24:55 -0000 > @@ -581,7 +581,7 @@ dirloop: > * create ourselves. > */ > if (ndp->ni_pledge == PLEDGE_UNVEIL && > - (error == EACCES || error == EROFS)) > + (error == EPERM || error == EACCES || error == EROFS)) > error = EJUSTRETURN;
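Review bot: The changed condition accepts EPERM from any source while ni_pledge == PLEDGE_UNVEIL, not only the immutable-directory case described above (chflags uchg /etc). It is worth confirming that every way this lookup can fail with EPERM is safe to convert to EJUSTRETURN. The comment ending in "create ourselves." should also name the immutable-flag case, so the reason for the third errno sits next to the check.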
As the list of errnos grows, I start wondering if there will be more, and if this block's check is inverted in some way, that it should fall through to unveil-creation only on no-failure or specific-errno.