I don't understand. Why do you think the directory should be visible?
Sebastien Marie <sema...@online.fr> wrote:
> Hi,
>
> I have a program with an unexpected unveil violation.
>
> I put the whole / read-only, and then a few programs executable (the
> purpose is to restrict the executable files to only a small set).
>
> The directory containing the executable is not visible anymore.
>
> $ cat test.c
> #include <sys/stat.h>
>
> #include <err.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> int
> main(int argc, char *argv[])
> {
> 	struct stat sb;
>
> 	if (unveil("/", "r") == -1)
> 		err(EXIT_FAILURE, "unveil: /");
> 	if (unveil("/usr/bin/id", "rx") == -1)
> 		err(EXIT_FAILURE, "unveil: /usr/bin/id");
>
> 	if (unveil(NULL, NULL) == -1)
> 		err(EXIT_FAILURE, "unveil");
>
> 	if (stat("/usr/bin", &sb) == -1)
> 		err(EXIT_FAILURE, "stat: /usr/bin");
>
> 	return EXIT_SUCCESS;
> }
> $ cc -Wall test.c
> $ ./a.out
> a.out: stat: /usr/bin: No such file or directory
>
> If I explicitly add `unveil("/usr/bin", "r")`, it is working as expected.
>
> The order of unveil("/") and unveil("/usr/bin/id") doesn't change the
> problem. unveil(NULL, NULL) isn't required for reproducing.
>
> Thanks.
> --
> Sebastien Marie