Up to [local] / src / sys / kern
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.55 / (download) - annotate - [select for diffs], Mon Dec 5 23:18:37 2022 UTC (18 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
HEAD
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)
zap a pile of dangling tabs
Revision 1.54 / (download) - annotate - [select for diffs], Sun Aug 14 01:58:27 2022 UTC (21 months, 4 weeks ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.53: +1 -4 lines
Diff to previous 1.53 (colored)
remove unneeded includes in sys/kern ok mpi@ miod@
Revision 1.53 / (download) - annotate - [select for diffs], Tue Jan 11 07:31:50 2022 UTC (2 years, 4 months ago) by semarie
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.52: +69 -106 lines
Diff to previous 1.52 (colored)
move kern_unveil.c to use DPRINTF() Changes the way printf debug is done in kern_unveil.c Currently, each printf() is enclosed in #ifdef DEBUG_UNVEIL. It moves to using DPRINTF(), and reduces the number of #ifdef inside the file. Also changes some strings to use __func__ instead of using the function name verbatim. ok visa@
Revision 1.52 / (download) - annotate - [select for diffs], Sun Jan 9 10:28:07 2022 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.51: +16 -8 lines
Diff to previous 1.51 (colored)
Add an UNVEIL_USERSET flag which is set when a unveil node is added via unveil(2). It is not set for nodes that are added as a result of a file being added via unveil(2). Use this flag to test if backtracking should be done or not. Also introduce UNVEIL_MASK which checks if any user flags are set and is used to properly return EACCES vs ENOENT. This fixes a problem where unveil("/", "r") & unveil("/usr/bin/id", "rx") cause an error when read accessing "/usr/bin". It also makes sure that unveil(path, "") will return ENOENT for any access of anything under path. Reported by and OK semarie@
Revision 1.51 / (download) - annotate - [select for diffs], Thu Sep 9 13:02:36 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)
No need to initialize nuv, it is assigned to before use.
Revision 1.50 / (download) - annotate - [select for diffs], Thu Sep 2 12:35:23 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.49: +61 -55 lines
Diff to previous 1.49 (colored)
Refactor how unveil generates EACCES errors. Instead of tracking the possible violation during the traversal of the path do the check at the end. Make the code a bit easier to grok. OK beck@ semarie@
Revision 1.49 / (download) - annotate - [select for diffs], Mon Aug 30 09:05:44 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)
Make sure unveil remains locked over fork even in the case where the parent just called unveil(NULL, NULL) and nothing else. With and OK beck@
Revision 1.48 / (download) - annotate - [select for diffs], Fri Jul 16 07:59:38 2021 UTC (2 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.47: +8 -39 lines
Diff to previous 1.47 (colored)
Remove the unveil current directory pointer from struct process. Instead pass in the vnode to unveil_start_relative() like it is done for *at() syscalls. This fixes an issue with fchdir() that actually did not correctly reset this pointer when changing the working directory. OK beck@
Revision 1.47 / (download) - annotate - [select for diffs], Thu Jul 15 06:57:02 2021 UTC (2 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.46: +6 -14 lines
Diff to previous 1.46 (colored)
UNVEIL_INSPECT is no longer needed, adjust code accordingly. OK semarie@
Revision 1.46 / (download) - annotate - [select for diffs], Thu Jul 8 13:33:05 2021 UTC (2 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.45: +3 -54 lines
Diff to previous 1.45 (colored)
Remove the code to store intermediary vnodes in the unveil list. These traversed vnodes are a leftover from early times where realpath(3) was still all done in userland. OK semarie@
Revision 1.45 / (download) - annotate - [select for diffs], Tue Jun 29 07:55:29 2021 UTC (2 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.44: +16 -9 lines
Diff to previous 1.44 (colored)
Adjust unveil_find_cover() to return -1 if the root vnode is passed in. This helps unveil_add_vnode() to properly re-evaluate unveils when "/" is added to the list. Because of this adjust unveil_covered() to check for the root as well so that in that case the unveil uv is returned instead of NULL. Traversing up from the root returns the root. This check is not really needed since namei has its own root check and shortcuts for root vnodes. OK semarie@
Revision 1.44 / (download) - annotate - [select for diffs], Thu Jun 24 07:21:59 2021 UTC (2 years, 11 months ago) by semarie
Branch: MAIN
Changes since 1.43: +36 -33 lines
Diff to previous 1.43 (colored)
unveil: cleanup code. no intented functional change. return early for simple conditions instead of using navigating inside if-branches. with and ok claudio@
Revision 1.43 / (download) - annotate - [select for diffs], Wed Jun 23 14:09:01 2021 UTC (2 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.42: +6 -8 lines
Diff to previous 1.42 (colored)
In unveil_add_vnode() refactor code around the indexes i and j. In one place the wrong index is used resulting in re-evaluating all unveil nodes. Also loop over over all but the last (just added vnode) -- again there is no need to re-evaluate the cover of the just added unveil. OK anton@ semarie@
Revision 1.42 / (download) - annotate - [select for diffs], Tue Jun 15 18:42:23 2021 UTC (2 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.41: +10 -66 lines
Diff to previous 1.41 (colored)
Remove the uvshrink logic and keep the unveil list in the order of insertion. unveil_lookup() is now doing a dumb linear search. The problem with the uvshrink logic was that ps_uvpcwd was a pointer into this array and after compation it pointed to the wrong element. Also future unveil caches would suffer from the same issue. OK semarie@
Revision 1.41 / (download) - annotate - [select for diffs], Wed Jun 9 17:52:47 2021 UTC (3 years ago) by semarie
Branch: MAIN
Changes since 1.40: +1 -6 lines
Diff to previous 1.40 (colored)
unveil: small cleanup for UNVEIL_INSPECT remove two leftover checks which were used when ni_unveil was used with UNVEIL_INSPECT. it was used by: - readlink(2) - removed 2019-08-31 - stat(2) and access(2) - removed 2019-03-24 ok claudio@
Revision 1.40 / (download) - annotate - [select for diffs], Wed Mar 10 10:21:47 2021 UTC (3 years, 3 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.39: +3 -3 lines
Diff to previous 1.39 (colored)
spelling ok gnezdo@ semarie@ mpi@
Revision 1.39 / (download) - annotate - [select for diffs], Sun Mar 22 20:23:36 2020 UTC (4 years, 2 months ago) by anton
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.38: +2 -4 lines
Diff to previous 1.38 (colored)
remove unused variable; ok beck@ mpi@
Revision 1.38 / (download) - annotate - [select for diffs], Thu Mar 19 14:01:57 2020 UTC (4 years, 2 months ago) by anton
Branch: MAIN
Changes since 1.37: +3 -2 lines
Diff to previous 1.37 (colored)
Separate variable declaration and assignment. No functional change. Requested by mpi@
Revision 1.37 / (download) - annotate - [select for diffs], Thu Mar 19 13:55:20 2020 UTC (4 years, 2 months ago) by anton
Branch: MAIN
Changes since 1.36: +27 -1 lines
Diff to previous 1.36 (colored)
Move unveil data structures away from the proc.h header into the implementation file. Pushing the assignment of ps_uvpcwd down to unveil_add() is required but it doesn't introduce any functional change. ok mpi@ semarie@
Revision 1.36 / (download) - annotate - [select for diffs], Wed Jan 22 07:52:37 2020 UTC (4 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)
delete wasteful ;; ok tedu
Revision 1.35 / (download) - annotate - [select for diffs], Fri Nov 29 20:58:17 2019 UTC (4 years, 6 months ago) by guenther
Branch: MAIN
Changes since 1.34: +41 -41 lines
Diff to previous 1.34 (colored)
Eliminate the sketchy use of ps_mainproc here by making unveil_add_vnode() take a struct proc* instead of a struct process*, and vice versa making unveil_lookup() take a process* instead of a proc*. ok beck@
Revision 1.34 / (download) - annotate - [select for diffs], Tue Oct 1 18:51:02 2019 UTC (4 years, 8 months ago) by anton
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.33: +18 -10 lines
Diff to previous 1.33 (colored)
Only increment the ps_uvncount counter when a path is successfully added to the corresponding red-black tree; meaning the path was not already present in the tree. This prevents an assertion to trigger in unveil_destroy() later on when the process exits. ok beck@ Reported-by: syzbot+db66362e1ffdc72e5aeb@syzkaller.appspotmail.com
Revision 1.33 / (download) - annotate - [select for diffs], Wed Sep 11 15:01:40 2019 UTC (4 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.32: +39 -11 lines
Diff to previous 1.32 (colored)
Fix unveil for relative lookups in the non AT_FDCWD case Issue spotted by Benjamin Baier <programmer@netzbasis.de> with relative path lookups from openat(2). Lacking a current working directory unveil, operations using the *at functions could fail when not crossing an unveil, since an initial covering unveil was not found. This corrects this so we walk up from the directory vnode to find a covering unveil at the start of non AT_FDCWD lookups, and adds regress for this case. ok bluhm@
Revision 1.32 / (download) - annotate - [select for diffs], Mon Aug 5 13:31:07 2019 UTC (4 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.31: +4 -5 lines
Diff to previous 1.31 (colored)
Remove the unused function parameter rootvnode from unveil_add_vnode().
Revision 1.31 / (download) - annotate - [select for diffs], Fri Aug 2 08:12:35 2019 UTC (4 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.30: +1 -4 lines
Diff to previous 1.30 (colored)
Move prototypes of unveil(2) functions which are used in separate C files into the common namei.h header. OK deraadt@
Revision 1.30 / (download) - annotate - [select for diffs], Thu Aug 1 15:09:25 2019 UTC (4 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.29: +2 -3 lines
Diff to previous 1.29 (colored)
In ufs_lookup() *vpp is always refcounted, also in the ISDOTDOT case even if *vpp == vdp. So in unveil_find_cover() it is wrong to skip dereferencing if parent == vp. This fixes an umount(8) device busy error when unveil(2) and chroot(2) are used together on a file system. reported by Matthias Pitzl; OK deraadt@
Revision 1.29 / (download) - annotate - [select for diffs], Mon Jul 29 23:14:06 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)
correct mispellings of EACCES; from Kris Katterjohn
Revision 1.28 / (download) - annotate - [select for diffs], Thu Jul 25 09:37:32 2019 UTC (4 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.27: +10 -4 lines
Diff to previous 1.27 (colored)
Use process accounting to find programs which try to access files that are hidden by unveil(2). OK deraadt@
Revision 1.27 / (download) - annotate - [select for diffs], Sun Jul 14 03:26:02 2019 UTC (4 years, 10 months ago) by guenther
Branch: MAIN
Changes since 1.26: +12 -6 lines
Diff to previous 1.26 (colored)
Don't lock the struct unveil being created in the child when cloning the parent's during fork() witness reports from ajacoutot@ and Hrvoje Popovski (hrvoje (at) srce.hr) ok visa@
Revision 1.26 / (download) - annotate - [select for diffs], Wed Jun 19 16:55:51 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.25: +1 -2 lines
Diff to previous 1.25 (colored)
the pledge STATLIE code is no longer needed, as discussed with beck. it actually isn't reached...
Revision 1.25 / (download) - annotate - [select for diffs], Tue Mar 26 13:41:40 2019 UTC (5 years, 2 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.24: +1 -2 lines
Diff to previous 1.24 (colored)
Remove this assert, I can't do this here with UNVEIL_INSPECT added aggressively today. Hopefully post release a glorious flensing will remove UNVEIL_INSPECT anyway Reported-by: syzbot+3375ce307ac7909b907b@syzkaller.appspotmail.com
Revision 1.24 / (download) - annotate - [select for diffs], Sun Mar 24 18:14:20 2019 UTC (5 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.23: +7 -2 lines
Diff to previous 1.23 (colored)
Make stat(2) and access(2) need UNVEIL_READ instead of UNVEIL_INSPECT UNVEIL_INSPECT is a hack we added to get chrome/glib working. It silently adds permission for stat(2), access(2), and readlink(2) to be used on all path components of any unveil'ed path. robert@ has sucessfully now fixed chrome/glib to not require exessive TOC vs TOU stat(2) and access(2) calls on the paths it uses, so that this no longer needed there. readlink(2) is the sole call that is now permitted by UNVEIL_INSPECT, and this is only needed so that realpath(3) can work. Going forward we will likely make a realpath(2), after which we can completely deprecate UNVEIL_INSPECT. ok deraadt@
Revision 1.15.2.1 / (download) - annotate - [select for diffs], Sun Jan 27 22:16:27 2019 UTC (5 years, 4 months ago) by bluhm
Branch: OPENBSD_6_4
Changes since 1.15: +1 -3 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)
sometimes we don't call unveil_add, which means memory allocated by namei doesn't get freed. move the free calls into the same function as namei. fixed bug report from Dariusz Sendkowski from tedu@; OK beck@ namei can return a null dvp on success. check this before access. from tedu@; OK beck@ Reported-by: syzbot+cc59412ed8429450a1ae@syzkaller.appspotmail.com OpenBSD 6.4 errata 013
Revision 1.23 / (download) - annotate - [select for diffs], Mon Jan 21 20:46:52 2019 UTC (5 years, 4 months ago) by tedu
Branch: MAIN
Changes since 1.22: +1 -3 lines
Diff to previous 1.22 (colored)
sometimes we don't call unveil_add, which means memory allocated by namei doesn't get freed. move the free calls into the same function as namei. fixed bug report from Dariusz Sendkowski ok beck
Revision 1.22 / (download) - annotate - [select for diffs], Thu Jan 17 03:26:19 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.21: +39 -12 lines
Diff to previous 1.21 (colored)
Unveil fixes: 1) Correctly notice covering unveil when using .. - fix crash noticed by visa@ 2) Notice when v_mount is NULL to not crash when unveil vnodes are on a forcibly unmounted filesystem, noticed by yasuoka@ 3) Add a flag to ni_data so that failures from unveil flag mismatches in covering unveils return the correct EACCESS instead of ENOENT (noticed by brynet@) ok deraadt@
Revision 1.21 / (download) - annotate - [select for diffs], Mon Jan 14 16:43:47 2019 UTC (5 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +3 -6 lines
Diff to previous 1.20 (colored)
backout previous; crashes near mountpoints it seems
Revision 1.20 / (download) - annotate - [select for diffs], Mon Jan 14 04:02:39 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.19: +7 -4 lines
Diff to previous 1.19 (colored)
Fix unveil issue noticed by kn@ where unveil does not notice covering unveil matches when .. is used correctly. Also adds regress based upon his test program for the same issue.
Revision 1.19 / (download) - annotate - [select for diffs], Sun Jan 6 18:33:26 2019 UTC (5 years, 5 months ago) by kettenis
Branch: MAIN
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)
Clear ps_uvpcwd when we free ps_uvpaths. Fixes a crash seen by kn@ and me where ps_uvpcwd obviously contains a dangling pointer. ok deraadt@, krw@
Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 3 21:52:31 2019 UTC (5 years, 5 months ago) by beck
Branch: MAIN
Changes since 1.17: +26 -11 lines
Diff to previous 1.17 (colored)
Fix a collection of covering unveil bugs that prevent unveil's of upper level directories from working when you don't traverse into them starting from /. Most found by brynet@ and a few others. ok brynet@ deraadt@
Revision 1.17 / (download) - annotate - [select for diffs], Mon Oct 29 00:11:37 2018 UTC (5 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored)
needs sys/lock.h
Revision 1.16 / (download) - annotate - [select for diffs], Sun Oct 28 22:42:33 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.15: +230 -75 lines
Diff to previous 1.15 (colored)
Correctly deal with upper level unveil's by keeping track of the covering unveil for each unveil in the process at unveil() time, and refactoring the handling of current directory and ISDOTDOT to be much more sensible. Worked out at ns2k18 with guenther@. ok deraadt@
Revision 1.15 / (download) - annotate - [select for diffs], Tue Sep 25 19:24:17 2018 UTC (5 years, 8 months ago) by jasper
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE
Branch point for: OPENBSD_6_4
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)
fix typo in comment ok beck@
Revision 1.14 / (download) - annotate - [select for diffs], Tue Aug 28 02:51:55 2018 UTC (5 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.13: +9 -11 lines
Diff to previous 1.13 (colored)
Fix stat of path components - this was breaking chrome - because the final directory in a name unveil was not being added with UNVEIL_INSPECT if it was not already unveiled. Now passes just added regress test for this case
Revision 1.13 / (download) - annotate - [select for diffs], Sat Aug 11 16:16:07 2018 UTC (5 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.12: +17 -20 lines
Diff to previous 1.12 (colored)
Get rid of PLEDGE_STAT, which was a hack used for unveil. We use UNVEIL_INSPECT instead in the unveil flags for the same purpose, and now add traversed vnodes of a path with UNVEIL_INSPECT instead of with 0 flags and voodoo in unveil_flagmatch. This allows us to uncontort the logic of unveil_flagmatch a bunch. helpful review and ok from semarie@
Revision 1.12 / (download) - annotate - [select for diffs], Tue Aug 7 15:07:54 2018 UTC (5 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +1 -6 lines
Diff to previous 1.11 (colored)
UNVEIL_* flags defined elsewhere in a .h file
Revision 1.11 / (download) - annotate - [select for diffs], Sun Aug 5 14:23:57 2018 UTC (5 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.10: +29 -23 lines
Diff to previous 1.10 (colored)
Decouple unveil from the pledge flags, by adding dedicated unveil flags to the namei args. This fixes a bug where chmod would be allowed when with only READ. This also allows some further cleanup of some awkward things like PLEDGE_STAT that will follow Lots of assistence from semarie@ - thanks! ok semarie@
Revision 1.10 / (download) - annotate - [select for diffs], Sun Aug 5 13:59:38 2018 UTC (5 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.9: +18 -9 lines
Diff to previous 1.9 (colored)
Prevent a panic when reboot -q is used by making unveil_removevnode sane. ok kettenis@
Revision 1.9 / (download) - annotate - [select for diffs], Mon Jul 30 15:16:27 2018 UTC (5 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +10 -10 lines
Diff to previous 1.8 (colored)
rename 2nd argument of unveil from vague "flags" to "permissions"; man page change will follow
Revision 1.8 / (download) - annotate - [select for diffs], Mon Jul 30 00:34:57 2018 UTC (5 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +16 -14 lines
Diff to previous 1.7 (colored)
KNF
Revision 1.7 / (download) - annotate - [select for diffs], Sun Jul 29 23:53:04 2018 UTC (5 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
revert accidentally changed prototype
Revision 1.6 / (download) - annotate - [select for diffs], Sun Jul 29 23:11:02 2018 UTC (5 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.5: +6 -3 lines
Diff to previous 1.5 (colored)
Don't exceed UNVEIL_MAX_VNODES with a long path now that we save the traversed vnodes - noticed and fixed by semarie@
Revision 1.5 / (download) - annotate - [select for diffs], Sun Jul 29 22:53:39 2018 UTC (5 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)
Make sure we don't count looking at .. as a component as a descending match. Noticed by Stuart Cassoff <3d0g@bell.net>
Revision 1.4 / (download) - annotate - [select for diffs], Fri Jul 20 07:28:36 2018 UTC (5 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.3: +36 -24 lines
Diff to previous 1.3 (colored)
Correctly copy across unveil's from parent to child process on fork().
Revision 1.3 / (download) - annotate - [select for diffs], Tue Jul 17 07:43:34 2018 UTC (5 years, 10 months ago) by krw
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)
unvname_new() is passed something that is always 64-bits so the parameter should be declared uint64_t and not int. From & for semarie@ who isn't committing at the moment and ok beck@ who is on the road.
Revision 1.2 / (download) - annotate - [select for diffs], Fri Jul 13 13:47:41 2018 UTC (5 years, 11 months ago) by jsg
Branch: MAIN
Changes since 1.1: +1 -2 lines
Diff to previous 1.1 (colored)
unbreak gcc4 build
Revision 1.1 / (download) - annotate - [select for diffs], Fri Jul 13 09:25:23 2018 UTC (5 years, 11 months ago) by beck
Branch: MAIN
Unveiling unveil(2). This brings unveil into the tree, disabled by default - Currently this will return EPERM on all attempts to use it until we are fully certain it is ready for people to start using, but this now allows for others to do more tweaking and experimentation. Still needs to send the unveil's across forks and execs before fully enabling. Many thanks to robert@ and deraadt@ for extensive testing. ok deraadt@