On Fri, 20 Mar 2020 20:54:57 +0100 Hiltjo Posthuma <[email protected]> wrote:
Dear Hiltjo, > The eunveil(NULL, NULL) lines are not needed here, because pledge is > called right after without the "unveil" promise (but it doesn't > really matter except saving 2 lines). > > from the unveil(2) man page: > > "After establishing a collection of path and permissions rules, > future calls to unveil() can be disabled by passing two NULL > arguments. Alternatively, pledge(2) may be used to remove the > "unveil" promise." thanks for your remark, which is completely right! I chose to add the calls anyway so one can explicitly see that unveil is "locked down" rather than implicitly by pledge, but maybe a comment would suffice here as well. With best regards Laslo
