Hi,
On IRC, someone reported a problem with tcpdump while /etc was read-only.
I will not comment on this unsupported configuration, but will instead
look at unveil(2) itself, as it is the root cause of this particular
problem.
The problem was reported on 6.4, and my tests are done on -current
(where the problem is still exposed).
It seems unveil(2) doesn't work (it generates errno EROFS) if the path is
on a read-only filesystem.
$ cat test.c
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main(int argc, char *argv[])
{
	if (unveil("/mnt/test-rofs", "r") != 0)
		err(EXIT_FAILURE, "unveil");

	printf("fine\n");
	return EXIT_SUCCESS;
}
Next, make a small partition and mount it on /mnt.
$ doas mount /dev/wd0i /mnt
$ ./a.out
fine
$ doas mount -u -r /mnt
$ ./a.out
a.out: unveil: Read-only file system
I didn't expect unveil(2) to error out if the partition is read-only.
Reading the source code, I see we already have code for managing exceptions
like that, so I assume a different code path.
I will try to investigate deeper over the weekend.
Thanks.
--
Sebastien Marie