Hi,
I was actually wondering why we removed it and it stems from a
discussion with kettenis when I was doing cleanup, he wrote:
"Maybe it is time to retire the boot_file parsing completely. These
days we use the bootduid. The device we get from boot_file is only
used if we don't find a match
On Wed, Dec 01, 2021 at 09:26:32AM -0700, Theo de Raadt wrote:
> I don't understand.
>
> Why do you think the directory should be visible?
unveil("/", "r") should make everything visible for read. So the stat
should not fail. The fact that /usr/bin is a special snowflake because of
the extra
I don't understand.
Why do you think the directory should be visible?
Sebastien Marie wrote:
> Hi,
>
> I have a program with unexpected unveil violation.
>
> I put the whole / read-only, and next few programs executable (the
> purpose is to restrict the executable files to only a small set).
Hi,
I have a program with unexpected unveil violation.
I put the whole / read-only, and next few programs executable (the
purpose is to restrict the executable files to only a small set).
The directory containing the executable is not visible anymore.
$ cat test.c
#include
#include
#include
> Date: Thu, 25 Nov 2021 15:14:27 -0700
> From: Ted Bullock
Hi Ted,
I made some small changes to the code and committed it. I chose to
use device_type in the end since that better reflects the intention of
disabling devices that use the Open Firmware driver for IDE devices.
Thanks for getting
> Date: Wed, 1 Dec 2021 12:23:00 +0100
> From: Patrick Wildt
>
> Hi,
>
> I was actually wondering why we removed it and it stems from a
> discussion with kettenis when I was doing cleanup, he wrote:
>
> "Maybe it is time to retire the boot_file parsing completely. These
> days we use the
On Wed, Dec 1, 2021 at 6:03 AM Mark Kettenis wrote:
>
> > Date: Wed, 1 Dec 2021 12:23:00 +0100
> > From: Patrick Wildt
> >
> > Hi,
> >
> > I was actually wondering why we removed it and it stems from a
> > discussion with kettenis when I was doing cleanup, he wrote:
> >
> > "Maybe it is time to
On Wed, Dec 01, 2021 at 02:14:40PM +0100, Sebastien Marie wrote:
> Hi,
>
> I have a program with unexpected unveil violation.
>
> I put the whole / read-only, and next few programs executable (the
> purpose is to restrict the executable files to only a small set).
>
> The directory containing