The unveil system call restricts a process's view of the filesystem to a given set of paths, each with its own permissions (read, write, execute, create). It extends the idea of pledge: pledge can limit a program to a set of system calls such as open, but that alone is insufficient, because open is then still valid for the whole filesystem. Once the set of paths is locked with unveil(NULL, NULL), everything outside it simply appears not to exist to the process.
For example, why should a program like passwd(1) have access to your filesystem beyond the password database files under /etc (/etc/passwd and /etc/master.passwd on OpenBSD, which has no /etc/shadow)? With the rest of the filesystem hidden, a security bug in passwd would have quite limited effects.
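The following program is an added example, not OpenBSD's own passwd(1) code (local_passwd.c): it shrinks the process's filesystem view to a single read-only path the way a passwd-like tool would, locks the set, and then probes what the rest of the filesystem looks like from inside. The scratch file under /tmp is constructed for the example so that an unprivileged user sees the effect; unveil(2) exists only on OpenBSD 6.4 and later, so on other systems the calls are compiled out and the probes show normal, unrestricted behaviour.

```c
/* Added example for unveil(2); not code from OpenBSD's passwd(1). */
#define _DEFAULT_SOURCE   /* mkstemp on glibc under -std=c*; ignored by OpenBSD */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* One unveil(2) rule: a path and the permissions kept for it, any
 * combination of "r", "w", "x", "c" (matching the rpath, wpath, exec
 * and cpath pledge promises). */
struct unveil_rule {
    const char *path;
    const char *perms;
};

/* Apply every rule, then lock the set with unveil(NULL, NULL) so no later
 * call (say, from an exploited library) can widen the view again.
 * Returns 0 on success, -1 with errno set otherwise. On systems without
 * unveil(2) nothing is restricted and errno is ENOSYS. */
static int restrict_fs_view(const struct unveil_rule *rules, size_t n)
{
#ifdef __OpenBSD__
    for (size_t i = 0; i < n; i++)
        if (unveil(rules[i].path, rules[i].perms) == -1)
            return -1;
    return unveil(NULL, NULL);
#else
    (void)rules;
    (void)n;
    errno = ENOSYS;
    return -1;
#endif
}

/* Open path with flags; return 0 on success (descriptor closed again) or
 * the errno. Under unveil a hidden path reports ENOENT even though it
 * exists, and a visible path opened beyond its permissions reports EACCES. */
int probe_open(const char *path, int flags)
{
    int fd = open(path, flags);
    if (fd == -1)
        return errno;
    close(fd);
    return 0;
}

static const char *outcome(int e)
{
    return e == 0 ? "ok" : strerror(e);
}

int main(void)
{
    /* Scratch file we own (constructed for this example), so any EACCES on
     * it below comes from unveil, not from file modes. */
    char scratch[] = "/tmp/unveil-demo.XXXXXX";
    int fd = mkstemp(scratch);
    if (fd == -1) {
        perror("mkstemp");
        return 1;
    }
    close(fd);

    /* The allow-list: read-only access to the scratch file and nothing else. */
    const struct unveil_rule rules[] = {
        { scratch, "r" },
    };
    if (restrict_fs_view(rules, sizeof rules / sizeof rules[0]) == -1) {
        if (errno != ENOSYS) {
            perror("unveil");
            return 1;
        }
        fprintf(stderr, "unveil(2) not available; view left unrestricted\n");
    }

    /* On OpenBSD: ok, then EACCES, then ENOENT (file exists but is hidden). */
    printf("%s O_RDONLY -> %s\n", scratch, outcome(probe_open(scratch, O_RDONLY)));
    printf("%s O_WRONLY -> %s\n", scratch, outcome(probe_open(scratch, O_WRONLY)));
    printf("/etc/hosts O_RDONLY -> %s\n", outcome(probe_open("/etc/hosts", O_RDONLY)));

    /* Removing the file needs "c", which was not kept, so once the view is
     * locked this fails with EACCES and the scratch file is left behind. */
    if (unlink(scratch) == -1)
        printf("unlink %s -> %s (left behind by design)\n", scratch, strerror(errno));
    return 0;
}
```

Note that a program which also calls pledge must include the unveil promise for as long as it still intends to call unveil, and should drop it once the set is locked.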
Details:
- The function first appeared in OpenBSD 6.4.
- unveil(2) - OpenBSD manual pages
- passwd(1) - OpenBSD manual pages
- src/local_passwd.c GitHub