"Theo de Raadt" <dera...@openbsd.org> writes:
> No, it is either:
>
> err(1, "unveil %s", path)
>
> or
>
> err(1, "unveil: %s", path)
>
> I remain undecided between those two, i don't particularily like two :: in
> a error message.
Ok splendid. I've regenerated these, this time including dhcpleased and
slaacd since Florian requested I do this in private mail.
I went for err(1, "unveil %s", path) per Theo's suggestion - nice and
clear. This is now everything in sbin, bin and games. usr/{bin, sbin}
looks like a bigger job but I'll get to it this week probably.
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 993c829f2d2..4273a26fbc9 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -2334,9 +2334,9 @@ fork_privchld(struct interface_info *ifi, int fd, int fd2)
fatal("socket(AF_ROUTE, SOCK_RAW)");
if (unveil(_PATH_RESCONF, "wc") == -1)
- fatal("unveil");
+ fatal("unveil %s", _PATH_RESCONF);
if (unveil("/etc/resolv.conf.tail", "r") == -1)
- fatal("unveil");
+ fatal("unveil /etc/resolve.conf.tail");
if (unveil(NULL, NULL) == -1)
fatal("unveil");
diff --git a/sbin/fsck_ffs/setup.c b/sbin/fsck_ffs/setup.c
index e9c922d7c37..e3706d7b759 100644
--- a/sbin/fsck_ffs/setup.c
+++ b/sbin/fsck_ffs/setup.c
@@ -105,7 +105,7 @@ setup(char *dev, int isfsdb)
if (isfsdb || !hotroot()) {
if (unveil("/dev", "rw") == -1)
- err(1, "unveil");
+ err(1, "unveil /dev");
if (pledge("stdio rpath wpath getpw tty disklabel",
NULL) == -1)
err(1, "pledge");
diff --git a/sbin/fsck_msdos/check.c b/sbin/fsck_msdos/check.c
index 4a2f07f1131..b011cd7dca6 100644
--- a/sbin/fsck_msdos/check.c
+++ b/sbin/fsck_msdos/check.c
@@ -55,7 +55,7 @@ checkfilesys(const char *fname)
int mod = 0;
if (unveil("/dev", "rw") == -1)
- err(1, "unveil");
+ err(1, "unveil /dev");
rdonly = alwaysno;
diff --git a/sbin/fsck/fsck.c b/sbin/fsck/fsck.c
index 09475f346d3..0c8efa626a2 100644
--- a/sbin/fsck/fsck.c
+++ b/sbin/fsck/fsck.c
@@ -110,11 +110,11 @@ main(int argc, char *argv[])
checkroot();
if (unveil("/dev", "rw") == -1)
- err(1, "unveil");
+ err(1, "unveil /dev");
if (unveil(_PATH_FSTAB, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_FSTAB);
if (unveil("/sbin", "x") == -1)
- err(1, "unveil");
+ err(1, "unveil /sbin");
if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1)
err(1, "pledge");
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index c527dadadaf..1681702f9bc 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -773,7 +773,7 @@ main(int argc, char *argv[])
if (argc < 2) {
/* no filesystem visibility */
if (unveil("/", "") == -1)
- err(1, "unveil");
+ err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
aflag = 1;
@@ -827,11 +827,11 @@ main(int argc, char *argv[])
if (!found_rulefile) {
if (unveil(_PATH_RESCONF, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_RESCONF);
if (unveil(_PATH_HOSTS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_HOSTS);
if (unveil(_PATH_SERVICES, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_SERVICES);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
}
diff --git a/sbin/nologin/nologin.c b/sbin/nologin/nologin.c
index 88bdd5f6fd7..c60257da517 100644
--- a/sbin/nologin/nologin.c
+++ b/sbin/nologin/nologin.c
@@ -47,7 +47,7 @@ main(int argc, char *argv[])
char nbuf[BUFSIZ];
if (unveil(_PATH_NOLOGIN_TXT, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_NOLOGIN_TXT);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
diff --git a/sbin/pflogd/privsep.c b/sbin/pflogd/privsep.c
index a1c109005cf..805b460ffce 100644
--- a/sbin/pflogd/privsep.c
+++ b/sbin/pflogd/privsep.c
@@ -134,15 +134,15 @@ priv_init(int Pflag, int argc, char *argv[])
setproctitle("[priv]");
if (unveil(_PATH_RESCONF, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_RESCONF);
if (unveil(_PATH_HOSTS, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_HOSTS);
if (unveil(_PATH_SERVICES, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_SERVICES);
if (unveil("/dev/bpf", "r") == -1)
- err(1, "unveil");
+ err(1, "unveil /dev/bpf");
if (unveil(filename, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", filename);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index f7c3c101b25..0693f804f81 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -266,7 +266,7 @@ main(int argc, char *argv[])
/* Cannot pledge due to special setsockopt()s below */
if (unveil("/", "r") == -1)
- err(1, "unveil");
+ err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
diff --git a/bin/ps/ps.c b/bin/ps/ps.c
index 84be7afe802..7df4b0e17cd 100644
--- a/bin/ps/ps.c
+++ b/bin/ps/ps.c
@@ -276,18 +276,18 @@ main(int argc, char *argv[])
errx(1, "%s", errbuf);
if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_DEVDB);
if (unveil(_PATH_DEV, "r") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_DEV);
if (swapf)
if (unveil(swapf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", swapf);
if (nlistf)
if (unveil(nlistf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", nlistf);
if (memf)
if (unveil(memf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", memf);
if (pledge("stdio rpath getpw ps", NULL) == -1)
err(1, "pledge");
diff --git a/sbin/shutdown/shutdown.c b/sbin/shutdown/shutdown.c
index d28eb676172..1f3b379f2d4 100644
--- a/sbin/shutdown/shutdown.c
+++ b/sbin/shutdown/shutdown.c
@@ -166,24 +166,24 @@ main(int argc, char *argv[])
}
if (unveil(_PATH_CONSOLE, "rw") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_CONSOLE);
if (unveil(_PATH_RC, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_RC);
if (unveil(_PATH_WALL, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_WALL);
if (unveil(_PATH_FASTBOOT, "wc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_FASTBOOT);
if (unveil(_PATH_NOLOGIN, "wc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_NOLOGIN);
if (dohalt || dopower) {
if (unveil(_PATH_HALT, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_HALT);
} else if (doreboot) {
if (unveil(_PATH_REBOOT, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_REBOOT);
} else {
if (unveil(_PATH_BSHELL, "x") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", _PATH_BSHELL);
}
if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1)
err(1, "pledge");
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 5e9e562d308..4e17ae45390 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -264,9 +264,9 @@ main(int argc, char *argv[])
ctime(&boottime); /* satisfy potential $TZ expansion before unveil() */
if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT)
- err(1,"unveil");
+ err(1,"unveil %s", _PATH_DEVDB);
if (unveil("/dev", "r") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil /dev");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
diff --git a/games/tetris/tetris.c b/games/tetris/tetris.c
index 69f4532a4ac..773017e1dce 100644
--- a/games/tetris/tetris.c
+++ b/games/tetris/tetris.c
@@ -234,7 +234,7 @@ main(int argc, char *argv[])
scr_init();
if (unveil(scorepath, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", scorepath);
if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
err(1, "pledge");
diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c
index 2db2e7274ab..fa75560ea43 100644
--- a/sbin/unwind/resolver.c
+++ b/sbin/unwind/resolver.c
@@ -377,7 +377,7 @@ resolver(int debug, int verbose)
fatal("can't drop privileges");
if (unveil(TLS_DEFAULT_CA_CERT_FILE, "r") == -1)
- fatal("unveil");
+ fatal("unveil %s", TLS_DEFAULT_CA_CERT_FILE);
if (pledge("stdio inet dns rpath recvfd", NULL) == -1)
fatal("pledge");
diff --git a/sbin/slaacd/engine.c b/sbin/slaacd/engine.c
index c39f50b33b7..9070b2bc669 100644
--- a/sbin/slaacd/engine.c
+++ b/sbin/slaacd/engine.c
@@ -368,9 +368,9 @@ engine(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
- fatal("unveil(\"/\", \"\")");
+ fatal("unveil /");
if (unveil(NULL, NULL) == -1)
- fatal("unveil(NULL, NULL)");
+ fatal("unveil");
setproctitle("%s", "engine");
log_procinit("engine");
diff --git a/sbin/slaacd/frontend.c b/sbin/slaacd/frontend.c
index 3553595db4c..fd71dda9374 100644
--- a/sbin/slaacd/frontend.c
+++ b/sbin/slaacd/frontend.c
@@ -149,9 +149,9 @@ frontend(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
- fatal("unveil(\"/\", \"\")");
+ fatal("unveil /");
if (unveil(NULL, NULL) == -1)
- fatal("unveil(NULL, NULL)");
+ fatal("unveil");
setproctitle("%s", "frontend");
log_procinit("frontend");
diff --git a/sbin/dhcpleased/dhcpleased.c b/sbin/dhcpleased/dhcpleased.c
index 46685012402..98dabd7e726 100644
--- a/sbin/dhcpleased/dhcpleased.c
+++ b/sbin/dhcpleased/dhcpleased.c
@@ -272,7 +272,7 @@ main(int argc, char *argv[])
}
if (unveil(NULL, NULL) == -1)
- fatal("locking unveil");
+ fatal("unveil");
#if notyet
if (pledge("stdio inet rpath wpath sendfd wroute bpf", NULL) == -1)
fatal("pledge");
diff --git a/sbin/dhcpleased/engine.c b/sbin/dhcpleased/engine.c
index badd7c76709..b17b9a5fb03 100644
--- a/sbin/dhcpleased/engine.c
+++ b/sbin/dhcpleased/engine.c
@@ -177,9 +177,9 @@ engine(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
- fatal("unveil(\"/\", \"\")");
+ fatal("unveil /");
if (unveil(NULL, NULL) == -1)
- fatal("unveil(NULL, NULL)");
+ fatal("unveil");
setproctitle("%s", "engine");
log_procinit("engine");
diff --git a/sbin/dhcpleased/frontend.c b/sbin/dhcpleased/frontend.c
index 79e69f9f25c..4da7fecfeaa 100644
--- a/sbin/dhcpleased/frontend.c
+++ b/sbin/dhcpleased/frontend.c
@@ -138,9 +138,9 @@ frontend(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
- fatal("unveil(\"/\", \"\")");
+ fatal("unveil /");
if (unveil(NULL, NULL) == -1)
- fatal("unveil(NULL, NULL)");
+ fatal("unveil");
setproctitle("%s", "frontend");
log_procinit("frontend");
