"Theo de Raadt" <dera...@openbsd.org> writes: > Florian Obser <flor...@openbsd.org> wrote: > >> In this hunk alone you have three out of five and you log them all >> differently. I think this should be unified as >> fatal("unveil(\"%s\", \"%s\")", _PATH_RESCONF, "wc"); >> fatal("unveil(\"%s\", \"%s\")", /etc/resolv.conf.tail, "r"); >> fatal("unveil(\"%s\", \"%s\")", "NULL", "NULL"); > > I disagree on showing the permission.
Fine by me. I was going back and forth on that. > > Let's step back to why we would unveil error messages to show more. > We want to see what the problematic path was. The permission is almost > always hard-coded in the program, but paths come in both fixed and dynamic > variety. > > So if the messages were just 'unveil %s: error' or 'unveil: %s: error' > I would be thrilled, as this allows users to realize why the program is > not working right. Sure. > > As a general rule these unveil errors are extremely rare, probably indicating > that the system filesystem has an unexpected layout. > -- I'm not entirely sure you are real.