Ashton Fagg <ash...@fagg.id.au> writes:
> Ok splendid. I've regenerated these, this time including dhcpleased and
> slaacd since Florian requested I do this in private mail.
>
> I went for err(1, "unveil %s", path) per Theo's suggestion - nice and
> clear. This is now everything in sbin, bin and games. usr/{bin, sbin}
> looks like a bigger job but I'll get to it this week probably.
Patches attached for all utilities in usr.bin. There's a couple of these
that also fix some whitespace problems (trailing tabs for example).
All that leaves now is usr.sbin, which I will get to tomorrow most likely.
diff --git a/usr.bin/audioctl/audioctl.c b/usr.bin/audioctl/audioctl.c
index ec2c1927695..b547c618b16 100644
--- a/usr.bin/audioctl/audioctl.c
+++ b/usr.bin/audioctl/audioctl.c
@@ -285,7 +285,7 @@ main(int argc, char **argv)
argv += optind;
if (unveil(path, "w") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", path);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
@@ -296,5 +296,5 @@ main(int argc, char **argv)
audio_main(argc, argv);
close(fd);
- return 0;
+ return 0;
}
diff --git a/usr.bin/biff/biff.c b/usr.bin/biff/biff.c
index f8c102f5dfc..565b8ed9177 100644
--- a/usr.bin/biff/biff.c
+++ b/usr.bin/biff/biff.c
@@ -62,7 +62,7 @@ main(int argc, char *argv[])
err(2, "tty");
if (unveil(name, "rw") == -1)
- err(2, "unveil");
+ err(2, "unveil %s", name);
if (pledge("stdio rpath fattr", NULL) == -1)
err(2, "pledge");
diff --git a/usr.bin/chpass/chpass.c b/usr.bin/chpass/chpass.c
index f20b7f18b9b..d92a1d4c1e2 100644
--- a/usr.bin/chpass/chpass.c
+++ b/usr.bin/chpass/chpass.c
@@ -137,11 +137,11 @@ main(int argc, char *argv[])
display(tempname, dfd, pw);
if (unveil(_PATH_BSHELL, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_BSHELL);
if (unveil(_PATH_SHELLS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_SHELLS);
if (unveil(tempname, "rc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", tempname);
if (pledge("stdio rpath wpath cpath id proc exec unveil",
NULL) == -1)
err(1, "pledge");
@@ -165,7 +165,7 @@ main(int argc, char *argv[])
if (op == NEWSH) {
if (unveil(_PATH_SHELLS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_SHELLS);
if (pledge("stdio rpath wpath cpath id proc exec unveil",
NULL) == -1)
err(1, "pledge");
@@ -184,11 +184,11 @@ main(int argc, char *argv[])
sigprocmask(SIG_BLOCK, &fullset, NULL);
if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK);
if (unveil(_PATH_MASTERPASSWD, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_MASTERPASSWD);
if (unveil(_PATH_PWD_MKDB, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_PWD_MKDB);
if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/ctfconv/ctfconv.c b/usr.bin/ctfconv/ctfconv.c
index f47af91541d..b86e89d33e6 100644
--- a/usr.bin/ctfconv/ctfconv.c
+++ b/usr.bin/ctfconv/ctfconv.c
@@ -128,11 +128,11 @@ main(int argc, char *argv[])
filename = *argv;
if (unveil(filename, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", filename);
if (outfile != NULL) {
if (unveil(outfile, "wc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", outfile);
}
if (pledge("stdio rpath wpath cpath", NULL) == -1)
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index be05be3a968..5940402e27e 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -416,9 +416,10 @@ main(int argc, char **argv)
if (formerpath == NULL)
formerpath = "";
- if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
- unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
- err(1, "unveil");
+ if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+ err(1, "unveil %s", _PATH_LOGIN_CONF);
+ if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+ err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (rule->cmd) {
if (setenv("PATH", safepath, 1) == -1)
err(1, "failed to set PATH '%s'", safepath);
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c
index 01e96edd9f8..bbc41011783 100644
--- a/usr.bin/encrypt/encrypt.c
+++ b/usr.bin/encrypt/encrypt.c
@@ -95,9 +95,10 @@ main(int argc, char **argv)
char *extra = NULL; /* Store login class or number of rounds */
const char *errstr;
- if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
- unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
- err(1, "unveil");
+ if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+ err(1, "unveil %s", _PATH_LOGIN_CONF);
+ if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+ err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (pledge("stdio rpath tty", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/from/from.c b/usr.bin/from/from.c
index 59b743e7247..50cc6cd74d4 100644
--- a/usr.bin/from/from.c
+++ b/usr.bin/from/from.c
@@ -80,7 +80,7 @@ main(int argc, char *argv[])
file = mail_spool(file, *argv);
if (unveil(file, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", file);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/getconf/getconf.c b/usr.bin/getconf/getconf.c
index 3cf332f1181..95de075a8a1 100644
--- a/usr.bin/getconf/getconf.c
+++ b/usr.bin/getconf/getconf.c
@@ -514,7 +514,7 @@ main(int argc, char *argv[])
case PATHCONF:
if (unveil(argv[1], "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", argv[1]);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
errno = 0;
diff --git a/usr.bin/getent/getent.c b/usr.bin/getent/getent.c
index 3555f3420f0..340676a8ecc 100644
--- a/usr.bin/getent/getent.c
+++ b/usr.bin/getent/getent.c
@@ -102,7 +102,7 @@ main(int argc, char *argv[])
if (strcmp(curdb->name, argv[1]) == 0) {
if (curdb->unveil != NULL) {
if (unveil(curdb->unveil, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", curdb->unveil);
}
if (pledge(curdb->pledge, NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/htpasswd/htpasswd.c b/usr.bin/htpasswd/htpasswd.c
index 85a7f5ccece..177c3c999a1 100644
--- a/usr.bin/htpasswd/htpasswd.c
+++ b/usr.bin/htpasswd/htpasswd.c
@@ -74,9 +74,9 @@ main(int argc, char** argv)
if ((batch && argc == 1) || (!batch && argc == 2)) {
if (unveil(argv[0], "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", argv[0]);
if (unveil("/tmp", "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil /tmp");
}
if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index fb71d3c7520..92848924fb1 100644
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -223,9 +223,9 @@ main(int argc, char *argv[])
if (strcmp(tracefile, "-") != 0)
if (unveil(tracefile, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", tracefile);
if (unveil(_PATH_PROTOCOLS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_PROTOCOLS);
if (pledge("stdio rpath getpw", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/last/last.c b/usr.bin/last/last.c
index 98688a7bbcf..26c59205adf 100644
--- a/usr.bin/last/last.c
+++ b/usr.bin/last/last.c
@@ -153,7 +153,7 @@ main(int argc, char *argv[])
exit(0);
if (unveil(file, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", file);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/look/look.c b/usr.bin/look/look.c
index fa0b7353bc2..4341a058ac1 100644
--- a/usr.bin/look/look.c
+++ b/usr.bin/look/look.c
@@ -111,7 +111,7 @@ main(int argc, char *argv[])
}
if (unveil(file, "r") == -1)
- err(2, "unveil");
+ err(2, "unveil %s", file);
if (pledge("stdio rpath", NULL) == -1)
err(2, "pledge");
diff --git a/usr.bin/mesg/mesg.c b/usr.bin/mesg/mesg.c
index d682e9e9bcd..eea246de42d 100644
--- a/usr.bin/mesg/mesg.c
+++ b/usr.bin/mesg/mesg.c
@@ -65,7 +65,7 @@ main(int argc, char *argv[])
err(2, "ttyname");
if (unveil(tty, "rw") == -1)
- err(2, "unveil");
+ err(2, "unveil %s", tty);
if (pledge("stdio rpath fattr", NULL) == -1)
err(2, "pledge");
diff --git a/usr.bin/mixerctl/mixerctl.c b/usr.bin/mixerctl/mixerctl.c
index e454d9d64bc..4b5cc79236d 100644
--- a/usr.bin/mixerctl/mixerctl.c
+++ b/usr.bin/mixerctl/mixerctl.c
@@ -285,7 +285,7 @@ main(int argc, char **argv)
aflag = 1;
if (unveil(file, "w") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", file);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
index 503095584ad..f3c6433b793 100644
--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -364,13 +364,13 @@ main(int argc, char *argv[])
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", Cflag);
if (unveil(Rflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", Rflag);
if (Kflag && unveil(Kflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", Kflag);
if (oflag && unveil(oflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", oflag);
} else if (family == AF_UNIX && uflag && lflag && !kflag) {
/*
* After recvfrom(2) from client, the server connects
@@ -380,20 +380,20 @@ main(int argc, char *argv[])
} else {
if (family == AF_UNIX) {
if (unveil(host, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", host);
if (uflag && !kflag) {
if (sflag) {
if (unveil(sflag, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", sflag);
} else {
if (unveil("/tmp", "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil /tmp");
}
}
} else {
/* no filesystem visibility */
if (unveil("/", "") == -1)
- err(1, "unveil");
+ err(1, "unveil /");
}
}
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index 955eb9e3820..9d76a5d8dfb 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -73,19 +73,19 @@ local_passwd(char *uname, int authenticated)
}
if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK);
if (unveil(_PATH_MASTERPASSWD, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_MASTERPASSWD);
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_LOGIN_CONF);
if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (unveil(_PATH_BSHELL, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_BSHELL);
if (unveil(_PATH_SHELLS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_SHELLS);
if (unveil(_PATH_PWD_MKDB, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_PWD_MKDB);
if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c
index 90207e16950..8e15fc38dcd 100644
--- a/usr.bin/sdiff/sdiff.c
+++ b/usr.bin/sdiff/sdiff.c
@@ -255,7 +255,7 @@ main(int argc, char **argv)
if (outfile && (outfp = fopen(outfile, "w")) == NULL)
err(2, "could not open: %s", optarg);
- if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')
+ if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')
tmpdir = _PATH_TMP;
filename1 = argv[0];
@@ -263,15 +263,15 @@ main(int argc, char **argv)
if (!Fflag) {
if (unveil(filename1, "r") == -1)
- err(2, "unveil");
+ err(2, "unveil %s", filename1);
if (unveil(filename2, "r") == -1)
- err(2, "unveil");
+ err(2, "unveil %s", filename2);
if (unveil(tmpdir, "rwc") == -1)
- err(2, "unveil");
+ err(2, "unveil %s", tmpdir);
if (unveil("/usr/bin/diff", "x") == -1)
- err(2, "unveil");
+ err(2, "unveil /usr/bin/diff");
if (unveil(_PATH_BSHELL, "x") == -1)
- err(2, "unveil");
+ err(2, "unveil %s", _PATH_BSHELL);
}
if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
err(2, "pledge");
diff --git a/usr.bin/sndiod/sndiod.c b/usr.bin/sndiod/sndiod.c
index 9a7daeb9e63..19d5ae28088 100644
--- a/usr.bin/sndiod/sndiod.c
+++ b/usr.bin/sndiod/sndiod.c
@@ -378,7 +378,7 @@ dounveil(char *name, char *prefix, char *path_prefix)
errx(1, "%s: unsupported device or port format", name);
snprintf(path, sizeof(path), "%s%s", path_prefix, name + prefix_len);
if (unveil(path, "rw") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", path);
}
static int
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 193fe832e16..ccc94cf76b1 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -161,17 +161,17 @@ main(int argc, char **argv)
}
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_LOGIN_CONF);
if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_AUTHPROGDIR);
if (unveil(_PATH_SHELLS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_SHELLS);
if (unveil(_PATH_DEVDB, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_DEVDB);
if (unveil(_PATH_NOLOGIN, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_NOLOGIN);
for (;;) {
char *pw_class = class;
@@ -251,9 +251,9 @@ main(int argc, char **argv)
}
if (unveil(shell, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", shell);
if (unveil(pwd->pw_dir, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", pwd->pw_dir);
if ((p = strrchr(shell, '/')))
avshell = p+1;
@@ -283,7 +283,7 @@ main(int argc, char **argv)
auth_err(as, 1, "%s", pwd->pw_dir);
} else {
if (unveil("/", "r") == -1)
- err(1, "unveil");
+ err(1, "unveil /");
printf("No home directory %s!\n", pwd->pw_dir);
printf("Logging in with home = \"/\".\n");
if (chdir("/") == -1)
diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c
index 31092ec3f9a..c7108cd1e63 100644
--- a/usr.bin/systat/main.c
+++ b/usr.bin/systat/main.c
@@ -586,7 +586,7 @@ main(int argc, char *argv[])
setup_term(maxlines);
if (unveil("/", "r") == -1)
- err(1, "unveil");
+ err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
diff --git a/usr.bin/tcpbench/tcpbench.c b/usr.bin/tcpbench/tcpbench.c
index c56752ce10e..670b345f0a6 100644
--- a/usr.bin/tcpbench/tcpbench.c
+++ b/usr.bin/tcpbench/tcpbench.c
@@ -1273,11 +1273,11 @@ main(int argc, char **argv)
if (ptb->kvars) {
if (unveil(_PATH_MEM, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_MEM);
if (unveil(_PATH_KMEM, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_KMEM);
if (unveil(_PATH_KSYMS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_KSYMS);
if ((ptb->kvmh = kvm_openfiles(NULL, NULL, NULL,
O_RDONLY, kerr)) == NULL)
@@ -1294,7 +1294,7 @@ main(int argc, char **argv)
if (ptb->Uflag)
if (unveil(host, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", host);
if (pledge("stdio id dns inet unix", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/tty/tty.c b/usr.bin/tty/tty.c
index 0409f441aca..bf27670c530 100644
--- a/usr.bin/tty/tty.c
+++ b/usr.bin/tty/tty.c
@@ -58,7 +58,7 @@ main(int argc, char *argv[])
}
if (unveil(_PATH_DEVDB, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_DEVDB);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/users/users.c b/usr.bin/users/users.c
index 07d43771a3a..f3b9e1484c5 100644
--- a/usr.bin/users/users.c
+++ b/usr.bin/users/users.c
@@ -54,7 +54,7 @@ main(int argc, char *argv[])
int ch;
if (unveil(_PATH_UTMP, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_UTMP);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c
index da88fe0e095..c9ff3022d96 100644
--- a/usr.bin/vmstat/vmstat.c
+++ b/usr.bin/vmstat/vmstat.c
@@ -213,7 +213,7 @@ main(int argc, char *argv[])
}
if (unveil("/", "") == -1)
- err(1, "unveil");
+ err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c
index 9626dc16287..6f4e3bcd012 100644
--- a/usr.bin/wall/wall.c
+++ b/usr.bin/wall/wall.c
@@ -116,11 +116,11 @@ main(int argc, char **argv)
makemsg(*argv);
if (unveil(_PATH_UTMP, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_UTMP);
if (unveil(_PATH_DEV, "w") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_DEV);
if (unveil(_PATH_DEVDB, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_DEVDB);
if (pledge("stdio rpath wpath getpw proc", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/who/who.c b/usr.bin/who/who.c
index a625d440582..9630a8048fd 100644
--- a/usr.bin/who/who.c
+++ b/usr.bin/who/who.c
@@ -113,7 +113,7 @@ main(int argc, char *argv[])
if (show_quick) {
only_current_term = show_term = show_idle = show_labels = 0;
}
-
+
if (show_term)
hostwidth -= 2;
if (show_idle)
@@ -123,10 +123,10 @@ main(int argc, char *argv[])
output_labels();
if (unveil(_PATH_UTMP, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_UTMP);
if (show_term || show_idle) {
if (unveil(_PATH_DEV, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_DEV);
}
switch (argc) {
case 0: /* who */
@@ -138,7 +138,7 @@ main(int argc, char *argv[])
who_am_i(ufp);
} else if (show_quick) {
int count = 0;
-
+
while (fread((char *)&usr, sizeof(usr), 1, ufp) == 1) {
if (*usr.ut_name && *usr.ut_line) {
(void)printf("%-*.*s ", NAME_WIDTH,
@@ -159,7 +159,7 @@ main(int argc, char *argv[])
break;
case 1: /* who utmp_file */
if (unveil(*argv, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", *argv);
if (pledge("stdio rpath getpw", NULL) == -1)
err(1, "pledge");
ufp = file(*argv);
