Ashton Fagg <ash...@fagg.id.au> writes:
> Hi all,
>
> I saw a discussion on here a while ago about the use of patterns like:
>
> if (unveil(some_path, "r") == -1)
> err(1, "unveil");
>
> And why that's maybe not preferable for debugging and troubleshooting
> purposes for programs which have multiple unveil calls (which happens
> fairly often).
>
> Original message here: https://marc.info/?l=openbsd-tech&m=161470144611031&w=2
Patch attached which cleans up the single occurrence of this in xenocara.
Thanks.
diff --git a/xserver/os/privsep.c b/xserver/os/privsep.c
index bbe9222c8..baba33e03 100644
--- a/xserver/os/privsep.c
+++ b/xserver/os/privsep.c
@@ -287,7 +287,7 @@ priv_init(uid_t uid, gid_t gid)
for (dev = allowed_devices; dev->name != NULL; dev++) {
if (unveil(dev->name, "rw") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil %s", dev->name);
}
if (pledge("stdio rpath wpath sendfd proc", NULL) == -1)
err(1, "pledge");
