From: "Theo de Raadt"
Subject: Re: nfsd unveil error
To: Alexander Bluhm
Cc: tech@openbsd.org
Date: Fri, 27 Mar 2026 12:39:59 -0600
That's good. Another implicit "rw" open of "/dev/null". nfsd is one of those programs that relies upon unveil() alone because it cannot use pledge()
Alexander Bluhm wrote:
> Hi,
>
> nfsd(8) complains about unveil(2) violations in accouting.
> It happens during daemon(3) in the child process.
>
> 54336 nfsd RET fork 0
> 54336 nfsd CALL setsid()
> 54336 nfsd RET setsid 54336/0xd440
> 54336 nfsd CALL chdir(0x40886de80d8)
> 54336 nfsd NAMI "/"
> 54336 nfsd RET chdir -1 errno 2 No such file or directory
> 54336 nfsd CALL __pledge_open(0x40886deb837,0x2)
> 54336 nfsd NAMI "/dev/null"
> 54336 nfsd RET __pledge_open -1 errno 2 No such file or directory
>
> Instead of unveiling / and /dev/null, move unveil(2) after daemon(3).
>
> ok?
>
> bluhm
>
> Index: sbin/nfsd/nfsd.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sbin/nfsd/nfsd.c,v
> diff -u -p -r1.47 nfsd.c
> --- sbin/nfsd/nfsd.c 30 Nov 2025 23:07:17 -0000 1.47
> +++ sbin/nfsd/nfsd.c 27 Mar 2026 18:24:44 -0000
> @@ -113,15 +113,6 @@ main(int argc, char *argv[])
> /* Start by writing to both console and log. */
> openlog("nfsd", LOG_PID | LOG_PERROR, LOG_DAEMON);
>
> - if (unveil("/", "") == -1) {
> - syslog(LOG_ERR, "unveil /: %s", strerror(errno));
> - return (1);
> - }
> - if (unveil(NULL, NULL) == -1) {
> - syslog(LOG_ERR, "unveil: %s", strerror(errno));
> - return (1);
> - }
> -
> while ((ch = getopt(argc, argv, "n:rtu")) != -1)
> switch (ch) {
> case 'n':
> @@ -171,6 +162,15 @@ main(int argc, char *argv[])
> (void)signal(SIGSYS, nonfs);
> }
> (void)signal(SIGCHLD, reapchild);
> +
> + if (unveil("/", "") == -1) {
> + syslog(LOG_ERR, "unveil /: %s", strerror(errno));
> + return (1);
> + }
> + if (unveil(NULL, NULL) == -1) {
> + syslog(LOG_ERR, "unveil: %s", strerror(errno));
> + return (1);
> + }
>
> if (reregister) {
> if (udpflag &&
>
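Review bot: The relocated unveil() block in the second hunk has no comment recording why it must come after daemon(3), so a later cleanup could hoist it back to the top of main() and bring back the ENOENT failures on `chdir("/")` and the `/dev/null` open shown in the trace. I would add a line above the first call such as `/* Must follow daemon(3), which does chdir("/") and opens /dev/null. */`. Since the reply notes that nfsd relies on unveil() alone, the same comment could state that option parsing and daemon(3) now run with the filesystem fully visible, making that window a deliberate and documented choice. main() begins and ends outside the hunk, so the daemon(3) call itself is not visible here and the ordering is inferred from the message text.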