From: Mikhail Subject: Re: gotd: unveil in PROFILE builds To: Omar Polo Cc: gameoftrees@openbsd.org Date: Tue, 2 May 2023 21:09:23 +0300 On Tue, May 02, 2023 at 07:50:47PM +0200, Omar Polo wrote: > On 2023/05/01 21:43:19 +0300, Mikhail wrote: > > On Mon, May 01, 2023 at 09:25:50PM +0300, Mikhail wrote: > > > apply_unveil_none() hides whole file system and it makes getpwuid fail > > > in PROFILE builds > > > > Not my day. Better patch to disable all unveils: > > I'm not sure it's a good idea to disable unveil in gotd PROFILE > builds; we usually don't do that. > > since the getpw pledge is only used in the auth process, what about > disabling unveil() only in that process and comment why we're doing > that? > > (admittedly only build tested) Gotd forks several processes, it means that to collect data you will need to set PROFDIR (documented in gprof(4) and get profiling from files named .gotd, it in turns mean that we can't unveil exact file name as we do in got, which uses gmon.out. Those files will go to your current dir. I can't see how we can keep strict unveil's and allow multi-process profiling. I should have said that in my first email, will be more thoughtful in future.