[PATCH] OpenBSD: unveil XDG directories only when needed

From: Klemens Nanni
The (not perfectly obvious) way catgirl crafts directories gets triggered
by unveilAll() even if no passed option requires filesystem access:

	$ env -i TERM=xterm ./catgirl -h irc.hackint.eu -R -n nobody
	catgirl: HOME unset

Here unveil(2) is used due to the "restrict" option, but besides terminfo(5)
and certificates catgirl does not need any other files, yet it tries to init
the data path -- passing XDG_DATA_HOME=/var/empty makes the above invocation work,
showing how the then successful path setup is not required.

Fix this by not unveiling the unneeded data path in the first place.
---
 chat.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/chat.c b/chat.c
index 23ad335..e5527ac 100644
--- a/chat.c
+++ b/chat.c
@@ -145,8 +145,10 @@ static void unveilData(const char *name) {
 }
 
 static void unveilAll(const char *trust, const char *cert, const char *priv) {
-	dataMkdir("");
-	unveilData("");
+	if (save || logEnable) {
+		dataMkdir("");
+		unveilData("");
+	}
 	if (trust) unveilConfig(trust);
 	if (cert) unveilConfig(cert);
 	if (priv) unveilConfig(priv);
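Review bot: the new `if (save || logEnable)` guard in unveilAll() depends on two names that are not among the function's parameters, whereas trust, cert and priv are passed in explicitly, so the function's filesystem exposure is no longer readable from its signature alone. A one-line comment above the guard saying that these are the only options that need the data directory would help: any later feature that writes under the data path will otherwise fail under unveil(2) unless someone remembers to extend this condition. It is also worth confirming that unveilAll() is only called after option parsing has set both values, since the guard silently skips dataMkdir("") and unveilData("") if they are still unset at that point.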
-- 
2.31.1

Re: [PATCH] OpenBSD: unveil XDG directories only when needed

From: june
Applied.