Todd C. Miller <millert@openbsd.org> wrote:

> +to initialize the time conversion information before calling
> +.Xr chroot 2 ,
> +.Xr pledge 2 ,
> +or
> +.Xr unveil 2 .
> +Otherwise, the program may not have access to the time conversion data files.

I mailed millert seperately about this, but I should bring it up.

The unveil situation is a little bit strange.

If you use unveil + pledge "rpath", and your unveil fails to provide access
to the directory, pledge will re-open access, it is a "unveil bypass" to
reasonably support substantial code in libc and programs.

If you unveil without pledge, you don't get access to the directory.

It might be a little bit unexpected that these behave differently, but there
are sensible reasons.

I'm slowly thinking whether we should change that.  Naw...