openpty() family of functions use /dev/ptm PTMGET to open a master+slave fd
pair, and also provides their names. Internally, 3 NDINIT+namei operations
access /dev/[tp]ty[p-zP-T][0-9a-zA-Z], of these 2 followed unveil restrictions.
I argue if you unveil /dev/ptm, (and not the 372 other nodes), you still want
openpty() to provide you with working fd's, and the names, which the caller
will probably never open manually, because the fd's are given.
So change all NDINIT to use KERNELPATH, bypassing unveil.
ok semarie
projects / openbsd / commit