On Tue, Aug 21, 2018 at 09:51:52PM -0700, Carlos Cardenas wrote:
> Patch to unveil vmctl.
>
> Comments/OK?
>
OK reyk
btw. paths[0] is an artifact from the old pledge paths argument.
semarie@ removed it in -r1.13 of main.c but we both overlooked that
paths[2] is not needed anymore and could just be turned into a
non-array path variable.
Reyk
> +--+
> Carlos
> Index: main.c
> ===================================================================
> RCS file: /home/los/cvs/src/usr.sbin/vmctl/main.c,v
> retrieving revision 1.39
> diff -u -p -r1.39 main.c
> --- main.c 12 Jul 2018 14:53:37 -0000 1.39
> +++ main.c 18 Aug 2018 23:22:39 -0000
> @@ -160,7 +160,7 @@ parse(int argc, char *argv[])
>
> if (!ctl->has_pledge) {
> /* pledge(2) default if command doesn't have its own pledge */
> - if (pledge("stdio rpath exec unix getpw", NULL) == -1)
> + if (pledge("stdio rpath exec unix getpw unveil", NULL) == -1)
> err(1, "pledge");
> }
> if (ctl->main(&res, argc, argv) != 0)
> @@ -185,6 +185,8 @@ vmmaction(struct parse_result *res)
> unsigned int flags;
>
> if (ctl_sock == -1) {
> + if (unveil(SOCKET_NAME, "r") == -1)
> + err(1, "unveil");
> if ((ctl_sock = socket(AF_UNIX,
> SOCK_STREAM|SOCK_CLOEXEC, 0)) == -1)
> err(1, "socket");
> @@ -477,6 +479,10 @@ ctl_create(struct parse_result *res, int
>
> paths[0] = argv[1];
> paths[1] = NULL;
> +
> + if (unveil(paths[0], "rwc") == -1)
> + err(1, "unveil");
> +
> if (pledge("stdio rpath wpath cpath", NULL) == -1)
> err(1, "pledge");
> argc--;
> @@ -759,6 +765,8 @@ __dead void
> ctl_openconsole(const char *name)
> {
> closefrom(STDERR_FILENO + 1);
> + if (unveil(VMCTL_CU, "x") == -1)
> + err(1, "unveil");
> execl(VMCTL_CU, VMCTL_CU, "-l", name, "-s", "115200", (char *)NULL);
> err(1, "failed to open the console");
> }
--
