Theo de Raadt <dera...@openbsd.org> wrote:
> Florian Obser <flor...@openbsd.org> wrote:
>
> > In this hunk alone you have three out of five and you log them all
> > differently. I think this should be unified as
> > fatal("unveil(\"%s\", \"%s\")", _PATH_RESCONF, "wc");
> > fatal("unveil(\"%s\", \"%s\")", /etc/resolv.conf.tail, "r");
> > fatal("unveil(\"%s\", \"%s\")", "NULL", "NULL");
>
> I disagree on showing the permission.
>
> Let's step back to why we would unveil error messages to show more.
> We want to see what the problematic path was. The permission is almost
> always hard-coded in the program, but paths come in both fixed and dynamic
> variety.
>
> So if the messages were just 'unveil %s: error' or 'unveil: %s: error'
> I would be thrilled, as this allows users to realize why the program is
> not working right.
>
> As a general rule these unveil errors are extremely rare, probably indicating
> that the system filesystem has an unexpected layout.
Furthermore, unveil(NULL,NULL) cannot indicate an error. None of the 4
errors apply. So upon -1 return, I think it could be just err(1, "unveil"),
this is not ambigious.
Regarding providing () and "" in error messages, imagine if this was done
with cat or ls. Yuck.
