"Theo de Raadt" <dera...@openbsd.org> writes:
> Florian Obser <flor...@openbsd.org> wrote:
>
>> In this hunk alone you have three out of five and you log them all
>> differently. I think this should be unified as
>> fatal("unveil(\"%s\", \"%s\")", _PATH_RESCONF, "wc");
>> fatal("unveil(\"%s\", \"%s\")", /etc/resolv.conf.tail, "r");
>> fatal("unveil(\"%s\", \"%s\")", "NULL", "NULL");
>
> I disagree on showing the permission.
Fine by me. I was going back and forth on that.
>
> Let's step back to why we would unveil error messages to show more.
> We want to see what the problematic path was. The permission is almost
> always hard-coded in the program, but paths come in both fixed and dynamic
> variety.
>
> So if the messages were just 'unveil %s: error' or 'unveil: %s: error'
> I would be thrilled, as this allows users to realize why the program is
> not working right.
Sure.
>
> As a general rule these unveil errors are extremely rare, probably indicating
> that the system filesystem has an unexpected layout.
>
--
I'm not entirely sure you are real.
