document the current limitation (we don't yet find an above covering

author beck <beck@openbsd.org>

Mon, 30 Jul 2018 00:30:15 +0000 (00:30 +0000)

committer beck <beck@openbsd.org>

Mon, 30 Jul 2018 00:30:15 +0000 (00:30 +0000)
author beck <beck@openbsd.org>
Mon, 30 Jul 2018 00:30:15 +0000 (00:30 +0000)
committer beck <beck@openbsd.org>
Mon, 30 Jul 2018 00:30:15 +0000 (00:30 +0000)
diff --git a/lib/libc/sys/unveil.2 b/lib/libc/sys/unveil.2

index 4c3a9b0..69dbd32 100644 (file)
--- a/lib/libc/sys/unveil.2
+++ b/lib/libc/sys/unveil.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: unveil.2,v 1.6 2018/07/28 18:06:30 deraadt Exp $
+.\" $OpenBSD: unveil.2,v 1.7 2018/07/30 00:30:15 beck Exp $
  .\"
  .\" Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  .\"
@@ -14,7 +14,7 @@
  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  .\"
-.Dd $Mdocdate: July 28 2018 $
+.Dd $Mdocdate: July 30 2018 $
  .Dt UNVEIL 2
  .Os
  .Sh NAME
@@ -155,6 +155,16 @@ was not accessible, or
  .Nm
  was called after it was locked.
  .El
+.Sh BUGS
+Filesystem lookups work today when they cross an
+.Fn unveil
+during
+.Xr namei 9 lookup in the kernel. A program that
+does relative operations below a higher
+.Fn unveil
+may currently not see the parts of the filesystem
+underneath the high level unveil. This is actively
+being worked on. 
  .Sh HISTORY
  The
  .Fn unveil
author	beck <beck@openbsd.org>
	Mon, 30 Jul 2018 00:30:15 +0000 (00:30 +0000)
committer	beck <beck@openbsd.org>
	Mon, 30 Jul 2018 00:30:15 +0000 (00:30 +0000)