commit c39c25dd23520cd77d4ecfdf72d76892d0813076
from: Stefan Sperling <stsp@stsp.name>
date: Fri Aug 09 12:35:32 2019 UTC

improve error message if helper binaries fail to unveil(2)

commit - 303e2782e0a61a1cf76da52a945ab8645a8a78ca
commit + c39c25dd23520cd77d4ecfdf72d76892d0813076
blob - df3fdff63112138a8d1e5e73ee27f1a8d8d412ac
blob + f1ce37f56adc95e212cca7ec18ec0d69629deac9
--- lib/privsep.c
+++ lib/privsep.c
@@ -44,6 +44,10 @@
 
 #ifndef MIN
 #define	MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
+#endif
+
+#ifndef nitems
+#define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
 #endif
 
 static const struct got_error *
@@ -1214,13 +1218,21 @@ got_privsep_send_packed_obj_req(struct imsgbuf *ibuf, 
 const struct got_error *
 got_privsep_unveil_exec_helpers(void)
 {
-	if (unveil(GOT_PATH_PROG_READ_PACK, "x") != 0 ||
-	    unveil(GOT_PATH_PROG_READ_OBJECT, "x") != 0 ||
-	    unveil(GOT_PATH_PROG_READ_COMMIT, "x") != 0 ||
-	    unveil(GOT_PATH_PROG_READ_TREE, "x") != 0 ||
-	    unveil(GOT_PATH_PROG_READ_BLOB, "x") != 0 ||
-	    unveil(GOT_PATH_PROG_READ_TAG, "x") != 0)
-		return got_error_from_errno("unveil");
+	const char *helpers[] = {
+	    GOT_PATH_PROG_READ_PACK,
+	    GOT_PATH_PROG_READ_OBJECT,
+	    GOT_PATH_PROG_READ_COMMIT,
+	    GOT_PATH_PROG_READ_TREE,
+	    GOT_PATH_PROG_READ_BLOB,
+	    GOT_PATH_PROG_READ_TAG,
+	};
+	int i;
 
+	for (i = 0; i < nitems(helpers); i++) {
+		if (unveil(helpers[i], "x") == 0)
+			continue;
+		return got_error_from_errno2("unveil", helpers[i]);
+	}
+
 	return NULL;
 }