Re: unveil documentation

2020-05-13 Thread Theo de Raadt
Kevin Chadwick wrote:

> The unveil man page is perfectly correct and it is not hard to test its
> behaviour.
> 
> I just wonder if it may aid unveil adoption in languages other than C, if it
> explicitly mentioned that exec is not required on a dir to allow reading the
> files within, e.g. if the dev is more used to filesystem permissions than OS
> functions?
> 
> Perhaps a FAQ on unveil is intended instead, time permitting? Perhaps a link to
> the following paper or whichever best demonstrates usage, could be added to the
> faq for now?
> 
> https://lteo.net/assets/pdf/lteo-openbsd-carolinacon15-20190427.pdf
> 
> Trying to help provide differing perspectives and not just create work for 
> people.
> 
> Feel free to ignore me, obviously.

It would be improper if every manual page had to start from the foundation
and explain every intrinsic unix behaviour.

unveil is not doing anything special here.



unveil documentation

2020-05-13 Thread Kevin Chadwick
The unveil man page is perfectly correct and it is not hard to test its
behaviour.

I just wonder if it may aid unveil adoption in languages other than C, if it
explicitly mentioned that exec is not required on a dir to allow reading the
files within, e.g. if the dev is more used to filesystem permissions than OS
functions?

Perhaps a FAQ on unveil is intended instead, time permitting? Perhaps a link to
the following paper or whichever best demonstrates usage, could be added to the
faq for now?

https://lteo.net/assets/pdf/lteo-openbsd-carolinacon15-20190427.pdf

Trying to help provide differing perspectives and not just create work for 
people.

Feel free to ignore me, obviously.