Florian Obser <flor...@openbsd.org> wrote:
> In this hunk alone you have three out of five and you log them all
> differently. I think this should be unified as
> fatal("unveil(\"%s\", \"%s\")", _PATH_RESCONF, "wc");
> fatal("unveil(\"%s\", \"%s\")", /etc/resolv.conf.tail, "r");
> fatal("unveil(\"%s\", \"%s\")", "NULL", "NULL");
I disagree on showing the permission.
Let's step back to why we would unveil error messages to show more.
We want to see what the problematic path was. The permission is almost
always hard-coded in the program, but paths come in both fixed and dynamic
variety.
So if the messages were just 'unveil %s: error' or 'unveil: %s: error'
I would be thrilled, as this allows users to realize why the program is
not working right.
As a general rule these unveil errors are extremely rare, probably indicating
that the system filesystem has an unexpected layout.
