I don't understand.

Why do you think the directory should be visible?

Sebastien Marie <sema...@online.fr> wrote:

> Hi,
> 
> I have a program with unexpected unveil violation.
> 
> I put the whole / read-only, and next few programs executable (the
> purpose is to restrict the executable files to only a small set).
> 
> The directory containing the executable is not visible anymore.
> 
> $ cat test.c
> #include <sys/stat.h>
> 
> #include <err.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> 
> int
> main(int argc, char *argv[])
> {
>       struct stat sb;
> 
>       /* Everything under / readable; one executable also runnable. */
>       if (unveil("/", "r") == -1)
>               err(EXIT_FAILURE, "unveil: /");
>       if (unveil("/usr/bin/id", "rx") == -1)
>               err(EXIT_FAILURE, "unveil: /usr/bin/id");
> 
>       /* Lock the unveil set; no further unveil(2) calls are allowed. */
>       if (unveil(NULL, NULL) == -1)
>               err(EXIT_FAILURE, "unveil");
> 
>       /* The directory containing the executable. */
>       if (stat("/usr/bin", &sb) == -1)
>               err(EXIT_FAILURE, "stat: /usr/bin");
> 
>       return EXIT_SUCCESS;
> }
> $ cc -Wall test.c
> $ ./a.out
> a.out: stat: /usr/bin: No such file or directory
> 
> If I explicitly add `unveil("/usr/bin", "r")`, it is working as expected.
> 
> The order of unveil("/") and unveil("/usr/bin/id") doesn't change the
> problem. unveil(NULL, NULL) isn't required for reproducing.
> 
> Thanks.
> -- 
> Sebastien Marie
> 
