unveil(2)


The unveil system call restricts the filesystem paths a program can open to a given set. It extends the idea of pledge: simply limiting a program to open is insufficient, because open is valid for the whole filesystem.

For example, why should a program like passwd(1) have access to your filesystem beyond /etc/passwd and /etc/shadow? With unveil, if there is a security bug in passwd, its effects would be quite limited.
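The passwd(1) scenario above as an added C example (not part of the original page and not OpenBSD's passwd source). The helper `veil_and_lock`, the `HAVE_UNVEIL` macro and the permission strings are assumptions made here; on systems without unveil(2) the helper fails with ENOSYS so the caller can refuse to run unconfined.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifdef __OpenBSD__
#define HAVE_UNVEIL 1
#else
#define HAVE_UNVEIL 0  /* unveil(2) exists only on OpenBSD 6.4 and later */
#endif

struct veil { const char *path, *perms; };

/* Paths from the passwd(1) example; the permission strings are assumptions. */
static const struct veil passwd_veils[] = {
    { "/etc/passwd", "r" },
    { "/etc/shadow", "rw" },
};

/* Hypothetical helper: unveil each path, then lock the list.
 * Returns 0 on success, -1 with errno set on failure. */
int veil_and_lock(const struct veil *v, size_t n)
{
#if HAVE_UNVEIL
    for (size_t i = 0; i < n; i++)
        if (unveil(v[i].path, v[i].perms) == -1)
            return -1;
    return unveil(NULL, NULL);  /* no further unveil() calls allowed */
#else
    (void)v; (void)n;
    errno = ENOSYS;             /* let the caller fail closed */
    return -1;
#endif
}

int main(void)
{
    if (veil_and_lock(passwd_veils, 2) == -1) {
        perror("unveil");
        return 1;  /* refuse to run unconfined */
    }
    /* /etc/hosts was never unveiled, so open(2) fails with ENOENT. */
    if (open("/etc/hosts", O_RDONLY) == -1)
        perror("/etc/hosts");
    return 0;
}
```

After the lock, paths outside the list fail with ENOENT, and an unveiled path used for an operation its permission string does not cover fails with EACCES.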

The function first appeared in OpenBSD 6.4.

Details: