I applied this patch, as is, to the stable sources and it works now. Thanks.
On Mon, 21 Jan 2019 at 06:03, Ted Unangst <t...@tedunangst.com> wrote:
> Ted Unangst wrote:
> > Dariusz Sendkowski wrote:
> > > Yes, it does.
> > >
> > > I extracted 'unveilcommands' function from doas.c and put it into a
> > > standalone program to run it.
> > > It turned out the result was the same as in doas command. When I disable
> > > unveil, then it works fine.
> >
> > This diff should fix the problem.
>
> Actually, miscalculation. This is a better diff. Sorry for the trouble.
> Against current, but should be adaptable to stable.
>
> Index: vfs_syscalls.c > =================================================================== > RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v > retrieving revision 1.310 > diff -u -p -r1.310 vfs_syscalls.c > --- vfs_syscalls.c 3 Jan 2019 21:52:31 -0000 1.310 > +++ vfs_syscalls.c 21 Jan 2019 04:57:17 -0000 > @@ -92,6 +92,7 @@ int dofutimens(struct proc *, int, struc > int dounmount_leaf(struct mount *, int, struct proc *); > int unveil_add(struct proc *, struct nameidata *, const char *); > void unveil_removevnode(struct vnode *vp); > +void unveil_free_traversed_vnodes(struct nameidata *); > ssize_t unveil_find_cover(struct vnode *, struct proc *); > struct unveil *unveil_lookup(struct vnode *, struct proc *, ssize_t *); > > @@ -911,7 +912,7 @@ sys_unveil(struct proc *p, void *v, regi > > nd.ni_pledge = PLEDGE_UNVEIL; > if ((error = namei(&nd)) != 0) > - return (error); > + goto end; > > /* > * XXX Any access to the file or directory will allow us to 
> @@ -948,6 +949,10 @@ sys_unveil(struct proc *p, void *v, regi > vrele(nd.ni_vp); > if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp) > vrele(nd.ni_dvp); > + > + pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf); > +end: > + unveil_free_traversed_vnodes(&nd); > > return (error); > } > Index: kern_unveil.c > =================================================================== > RCS file: /cvs/src/sys/kern/kern_unveil.c,v > retrieving revision 1.22 > diff -u -p -r1.22 kern_unveil.c > --- kern_unveil.c 17 Jan 2019 03:26:19 -0000 1.22 > +++ kern_unveil.c 21 Jan 2019 05:01:26 -0000 > @@ -630,8 +630,6 @@ unveil_add(struct proc *p, struct nameid > done: > if (ret == 0) > unveil_add_traversed_vnodes(p, ndp); > - unveil_free_traversed_vnodes(ndp); > - pool_put(&namei_pool, ndp->ni_cnd.cn_pnbuf); > return ret; > } > >
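Review bot: in the vfs_syscalls.c hunk at @@ -948,6 +949,10 @@, the `end:` label is placed after the new `pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf)`, so the `goto end` taken when namei() fails never releases the path buffer in this function. That is leak-free only if namei() has already released cn_pnbuf on its error return. A short comment at the label saying so would stop a later edit from moving the pool_put below `end:` (a double free) or from treating the buffer as still live on that path.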
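Review bot: in the kern_unveil.c hunk at @@ -630,8 +630,6 @@, removing `unveil_free_traversed_vnodes(ndp)` and the `pool_put` of `ndp->ni_cnd.cn_pnbuf` from the `done:` path of unveil_add hands both cleanups to the caller, on success and on failure, and nothing in the function now documents that. sys_unveil is updated in the same diff, but the comment above unveil_add should state that the caller owns the traversed vnodes and the path buffer, and any other caller of unveil_add needs the same two calls or it will leak them.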