> Date: Thu, 25 Nov 2021 15:14:27 -0700
> From: Ted Bullock
Hi Ted,
I made some small changes to the code and committed it. I chose to
use device_type in the end since that better reflects the intention of
disabling devices that use the Open Firmware driver for IDE devices.
Thanks for getting
On Wed, Dec 01, 2021 at 09:26:32AM -0700, Theo de Raadt wrote:
> I don't understand.
>
> Why do you think the directory should be visible?
unveil("/", "r") should make everything visible for read. So the stat
should not fail. The fact that /usr/bin is a special snowflake because of
the extra
I don't understand.
Why do you think the directory should be visible?
Sebastien Marie wrote:
> Hi,
>
> I have a program with unexpected unveil violation.
>
> I put the whole / read-only, and next few programs executable (the
> purpose is to restrict the executable files to only a small set).
On Wed, Dec 01, 2021 at 02:14:40PM +0100, Sebastien Marie wrote:
> Hi,
>
> I have a program with unexpected unveil violation.
>
> I put the whole / read-only, and next few programs executable (the
> purpose is to restrict the executable files to only a small set).
>
> The directory containing
On Wed, Dec 1, 2021 at 6:03 AM Mark Kettenis wrote:
>
> > Date: Wed, 1 Dec 2021 12:23:00 +0100
> > From: Patrick Wildt
> >
> > Hi,
> >
> > I was actually wondering why we removed it and it stems from a
> > discussion with kettenis when I was doing cleanup, he wrote:
> >
> > "Maybe it is time to
Hi,
I have a program with unexpected unveil violation.
I put the whole / read-only, and next few programs executable (the
purpose is to restrict the executable files to only a small set).
The directory containing the executable is not visible anymore.
$ cat test.c
#include
#include
#include
> Date: Wed, 1 Dec 2021 12:23:00 +0100
> From: Patrick Wildt
>
> Hi,
>
> I was actually wondering why we removed it and it stems from a
> discussion with kettenis when I was doing cleanup, he wrote:
>
> "Maybe it is time to retire the boot_file parsing completely. These
> days we use the
Hi,
I was actually wondering why we removed it and it stems from a
discussion with kettenis when I was doing cleanup, he wrote:
"Maybe it is time to retire the boot_file parsing completely. These
days we use the bootduid. The device we get from boot_file is only
used if we don't find a match