vmctl(8): remove unveil from disk image creation routines

James Cook reported an issue creating images from qcow2 disks that
contained base images. Initial approach suggested was to replace the
use of realpath(3), but since this is common code used in vmd(8) the
better option is to just remove the use of unveil(1) in vmctl. (It was
added very early in vmctl's development before support for disk
conversion was added.)

This does not change existing unveil usage in vmctl for things like the
control socket or the serial console. There's no change to vmd either.

Discussed with and OK from mlarkin@

diff --git a/usr.sbin/vmctl/main.c b/usr.sbin/vmctl/main.c
index 1a8460a..8bfa3b7 100644 (file)
--- a/usr.sbin/vmctl/main.c
+++ b/usr.sbin/vmctl/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.64 2021/04/02 19:07:18 dv Exp $    */
+/*     $OpenBSD: main.c,v 1.65 2021/05/12 20:13:00 dv Exp $    */
 
 /*
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -569,13 +569,9 @@ ctl_create(struct parse_result *res, int argc, char *argv[])
                switch (ch) {
                case 'b':
                        base = optarg;
-                       if (unveil(base, "r") == -1)
-                               err(1, "unveil");
                        break;
                case 'i':
                        input = optarg;
-                       if (unveil(input, "r") == -1)
-                               err(1, "unveil");
                        break;
                case 's':
                        if (parse_size(res, optarg) != 0)
@@ -594,10 +590,8 @@ ctl_create(struct parse_result *res, int argc, char *argv[])
 
        type = parse_disktype(argv[0], &disk);
 
-       if (pledge("stdio rpath wpath cpath unveil", NULL) == -1)
+       if (pledge("stdio rpath wpath cpath", NULL) == -1)
                err(1, "pledge");
-       if (unveil(disk, "rwc") == -1)
-               err(1, "unveil");
 
        if (input) {
                if (base && input)
@@ -605,9 +599,6 @@ ctl_create(struct parse_result *res, int argc, char *argv[])
                return ctl_convert(input, disk, type, res->size);
        }
 
-       if (unveil(NULL, NULL))
-               err(1, "unveil");
-
        if (base && type != VMDF_QCOW2)
                errx(1, "base images require qcow2 disk format");
        if (res->size == 0 && !base) {
@@ -655,10 +646,6 @@ ctl_convert(const char *srcfile, const char *dstfile, int dsttype, size_t dstsiz
                goto done;
        }
 
-       /* We can only lock unveil after opening the disk and all base images */
-       if (unveil(NULL, NULL))
-               err(1, "unveil");
-
        if (dstsize == 0)
                dstsize = src.size;
        else

diff --git a/usr.sbin/vmctl/vmctl.c b/usr.sbin/vmctl/vmctl.c
index 8a8d153..7871eac 100644 (file)
--- a/usr.sbin/vmctl/vmctl.c
+++ b/usr.sbin/vmctl/vmctl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: vmctl.c,v 1.77 2021/03/22 18:50:11 kn Exp $   */
+/*     $OpenBSD: vmctl.c,v 1.78 2021/05/12 20:13:00 dv Exp $   */
 
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
@@ -885,14 +885,6 @@ open_imagefile(int type, const char *imgfile_path, int flags,
                        } else if (ret == 0)
                                break;
 
-                       /*
-                        * This might be called after unveil is already
-                        * locked but it is save to ignore the EPERM error
-                        * here as the subsequent open would fail as well.
-                        */
-                       if ((ret = unveil(path, "r")) != 0 &&
-                           (ret != EPERM))
-                               err(1, "unveil");
                        if ((basefd[i + 1] = open(path, O_RDONLY)) == -1) {
                                log_warn("%s: failed to open base %s",
                                    __func__, path);
@@ -951,4 +943,3 @@ create_imagefile(int type, const char *imgfile_path, const char *base_path,
 
        return (ret);
 }
-