From b727496ca0f708e67a83a526847023dac42fe4bf Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 16 Mar 2026 19:54:27 +0000 Subject: [PATCH] clarify unveil usage with job --- lib/libc/sys/unveil.2 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/libc/sys/unveil.2 b/lib/libc/sys/unveil.2 index 3d0a7e2120f..487ce0553c9 100644 --- a/lib/libc/sys/unveil.2 +++ b/lib/libc/sys/unveil.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: unveil.2,v 1.22 2021/09/06 08:03:08 deraadt Exp $ +.\" $OpenBSD: unveil.2,v 1.23 2026/03/16 19:54:27 deraadt Exp $ .\" .\" Copyright (c) 2018 Bob Beck .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 6 2021 $ +.Dd $Mdocdate: March 16 2026 $ .Dt UNVEIL 2 .Os .Sh NAME @@ -27,8 +27,6 @@ .Sh DESCRIPTION The first call to .Fn unveil -that specifies a -.Fa path removes visibility of the entire filesystem from all other filesystem-related system calls (such as .Xr open 2 , @@ -44,8 +42,8 @@ The .Fn unveil system call remains capable of traversing to any .Fa path -in the filesystem, so additional calls can set permissions at other -points in the filesystem hierarchy. +in the filesystem, so additional calls can set permissions at any +other points in the filesystem hierarchy. .Pp After establishing a collection of .Fa path @@ -55,12 +53,14 @@ rules, future calls to .Fn unveil can be disabled by passing two .Dv NULL -arguments. -Alternatively, +arguments, or with a .Xr pledge 2 -may be used to remove the +call which lacks the .Qq unveil promise. +It is strongly recommended to lock +.Fn unveil +after configuration. .Pp The .Fa permissions