> > + nd.ni_unveil = 0; /* XXX No flags == allow it */ > > see my comment about ni_unveil != 0. > > as you still have check on (ni_pledge & PLEDGE_STAT), it should be still > ok. >
It doesn't actually do this yt.. this comment was a reminder for me and should have had allow it? for my dealig with PLEDGE_STAT afterwards I'm intend on making another flag for that the "you have to be able to access it" a-la PLEDGE_STAT which was a hack - and clean that up in a separate diff. so no, 0 flags won't be "allow it"
