Dariusz Sendkowski wrote:
> Yes, it does.
> 
> I extracted 'unveilcommands' function from doas.c and put it into a
> standalone program to run it.
> It turned out the result was the same as in doas command. When I disable
> unveil, then it works fine.

This diff should fix the problem.


Index: kern_unveil.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_unveil.c,v
retrieving revision 1.22
diff -u -p -r1.22 kern_unveil.c
--- kern_unveil.c       17 Jan 2019 03:26:19 -0000      1.22
+++ kern_unveil.c       21 Jan 2019 01:31:23 -0000
@@ -630,8 +630,6 @@ unveil_add(struct proc *p, struct nameid
  done:
        if (ret == 0)
                unveil_add_traversed_vnodes(p, ndp);
-       unveil_free_traversed_vnodes(ndp);
-       pool_put(&namei_pool, ndp->ni_cnd.cn_pnbuf);
        return ret;
 }
 
Index: vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.310
diff -u -p -r1.310 vfs_syscalls.c
--- vfs_syscalls.c      3 Jan 2019 21:52:31 -0000       1.310
+++ vfs_syscalls.c      21 Jan 2019 01:29:38 -0000
@@ -92,6 +92,7 @@ int dofutimens(struct proc *, int, struc
 int dounmount_leaf(struct mount *, int, struct proc *);
 int unveil_add(struct proc *, struct nameidata *, const char *);
 void unveil_removevnode(struct vnode *vp);
+void unveil_free_traversed_vnodes(struct nameidata *);
 ssize_t unveil_find_cover(struct vnode *, struct proc *);
 struct unveil *unveil_lookup(struct vnode *, struct proc *, ssize_t *);
 
@@ -948,6 +949,8 @@ sys_unveil(struct proc *p, void *v, regi
                vrele(nd.ni_vp);
        if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp)
                vrele(nd.ni_dvp);
+       unveil_free_traversed_vnodes(&nd);
+       pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf);
 
        return (error);
 }
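Review bot: With the cleanup removed from unveil_add(), the two lines added to sys_unveil() become the only visible place where the traversed-vnode list and `nd.ni_cnd.cn_pnbuf` are released, so every exit taken after the lookup has to pass through them. sys_unveil() begins outside this hunk, so earlier exits cannot be checked from here; they should be audited both for a leak and for a `pool_put()` on a buffer that the lookup has already released. The ownership change is also undocumented: I would add `/* unveil_add() does not free the traversed vnodes or cn_pnbuf; the caller must */` above the new calls, and a matching one-line comment at the `done:` label in unveil_add() in kern_unveil.c. Any other caller of unveil_add(), if one exists, would need the same two calls.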
