After pledge is immediately called without the unveil promise so this seems redundant.
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index f05ec1c5837..53ee4223371 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1498,8 +1498,6 @@ main(int argc, char *argv[]) /* Only allow access to BASE_DIR. */ if (unveil(BASE_DIR, "r") == -1) err(1, "%s: unveil", BASE_DIR); - if (unveil(NULL, NULL) == -1) - err(1, "unveil"); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); proc_parser(fd[0], force);