Reference unveil(2) in system accounting and daily.8.

Reminder that unveil does not kill from brynet and gsoares.
Wording tweaks from jmc; feedback from deraadt.

ok jmc@, millert@, solene@, "fine with me" deraadt@

4 files changed, 16 insertions, 15 deletions

diff --git a/lib/libc/sys/acct.2 b/lib/libc/sys/acct.2
index f8b184ce0b6..5575f4cd941 100644
--- a/lib/libc/sys/acct.2
+++ b/lib/libc/sys/acct.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: acct.2,v 1.18 2015/09/10 17:55:21 schwarze Exp $
+.\"	$OpenBSD: acct.2,v 1.19 2020/07/26 13:27:23 rob Exp $
 .\"	$NetBSD: acct.2,v 1.6 1995/02/27 12:31:47 cgd Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)acct.2	8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: September 10 2015 $
+.Dd $Mdocdate: July 26 2020 $
 .Dt ACCT 2
 .Os
 .Sh NAME
@@ -51,14 +51,13 @@ is
 accounting is disabled.
 If
 .Fa file
-is an existing, NUL-terminated pathname, record collection is enabled
-and for every process initiated which terminates under normal conditions
+is an existing, NUL-terminated pathname, record collection is enabled.
+For every process initiated which terminates under normal conditions or
+misbehaves in very specific ways (e.g. file access prevented by unveil),
 an accounting record is appended to
 .Fa file .
 Abnormal conditions of termination are reboots or other
 fatal system problems.
-Records for processes which never terminate cannot be produced by
-.Fn acct .
 .Fn acct
 is only available on kernels compiled with the
 .Cm ACCOUNTING
diff --git a/share/man/man5/acct.5 b/share/man/man5/acct.5
index 6b91db718c2..f973459b51f 100644
--- a/share/man/man5/acct.5
+++ b/share/man/man5/acct.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: acct.5,v 1.20 2019/09/09 20:02:26 bluhm Exp $
+.\"	$OpenBSD: acct.5,v 1.21 2020/07/26 13:27:24 rob Exp $
 .\"	$NetBSD: acct.5,v 1.4 1995/10/22 01:40:10 ghudson Exp $
 .\"
 .\" Copyright (c) 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)acct.5	8.1 (Berkeley) 6/5/93
 .\"
-.Dd $Mdocdate: September 9 2019 $
+.Dd $Mdocdate: July 26 2020 $
 .Dt ACCT 5
 .Os
 .Sh NAME
@@ -43,7 +43,8 @@ The kernel maintains the following
 .Fa acct
 information structure for all
 processes.
-If a process terminates, and accounting is enabled, the kernel calls the
+If a process terminates or misbehaves in specific ways,
+and accounting is enabled, the kernel calls the
 .Xr acct 2
 function call to prepare and append the record
 to the accounting file.
@@ -90,7 +91,7 @@ int	acct_shutdown(void);
 #endif
 .Ed
 .Pp
-If a terminated process was created by an
+If a terminated or misbehaving process was created by an
 .Xr execve 2 ,
 the name of the executed file (at most ten characters of it)
 is saved in the field
diff --git a/share/man/man8/daily.8 b/share/man/man8/daily.8
index d38fa804549..aea087a050f 100644
--- a/share/man/man8/daily.8
+++ b/share/man/man8/daily.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: daily.8,v 1.27 2017/07/13 19:16:33 jmc Exp $
+.\"	$OpenBSD: daily.8,v 1.28 2020/07/26 13:27:24 rob Exp $
 .\"
 .\" Copyright (c) 2003 Jason McIntyre <jmc@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 13 2017 $
+.Dd $Mdocdate: July 26 2020 $
 .Dt DAILY 8
 .Os
 .Sh NAME
@@ -75,7 +75,8 @@ Removes scratch and junk files from
 Purges accounting records from
 .Pa /var/account ,
 if they exist.
-Processes that were killed due to pledge or memory access violations
+Processes that were killed due to pledge or memory access violations,
+or had file access prevented by unveil,
 are reported in the daily mail.
 See
 .Xr accton 8 ,
diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c
index f46ebf61d88..a0f55a1c1ce 100644
--- a/sys/kern/kern_acct.c
+++ b/sys/kern/kern_acct.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_acct.c,v 1.42 2019/10/22 21:19:22 cheloha Exp $	*/
+/*	$OpenBSD: kern_acct.c,v 1.43 2020/07/26 13:27:24 rob Exp $	*/
 /*	$NetBSD: kern_acct.c,v 1.42 1996/02/04 02:15:12 christos Exp $	*/
 
 /*-
@@ -233,7 +233,7 @@ acct_process(struct proc *p)
 	else
 		acct.ac_tty = NODEV;
 
-	/* (8) The boolean flags that tell how the process terminated, etc. */
+	/* (8) The boolean flags that tell how process terminated or misbehaved. */
 	acct.ac_flag = pr->ps_acflag;
 
 	/*