From 5ee8c07e7e3e601fce49fbc2b170227924be3804 Mon Sep 17 00:00:00 2001
From: Laslo Hunhold
Date: Fri, 20 Mar 2020 20:35:34 +0100
Subject: [PATCH] Fix unveil(2) usage

Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL) only locks further unveil calls when there has been at least _one_ prior call to unveil! To fix this, we reorder the calls and also make sure to call unveil() before we disallow unveils via pledge.

Signed-off-by: Laslo Hunhold
---
 main.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/main.c b/main.c
index c1ff489..eab952d 100644
--- a/main.c
+++ b/main.c
@@ -387,10 +387,13 @@ main(int argc, char *argv[])
 exit(0);
 default:
 /* limit ourselves even further while we are waiting */
- eunveil(NULL, NULL);
 if (udsname) {
+ eunveil(udsname, "c");
+ eunveil(NULL, NULL);
 epledge("stdio cpath", NULL);
 } else {
+ eunveil("/", "");
+ eunveil(NULL, NULL);
 epledge("stdio", NULL);
 }
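Review bot: The added `eunveil("/", "");` in the else branch reads as a no-op, and the reason it must stay — `unveil(NULL, NULL)` only locks the unveil list once at least one path has been unveiled — is stated only in the commit message, so a later cleanup could drop it and silently reopen the filesystem to the waiting parent. Carry the rationale into the code, for example by extending the existing comment to `/* limit ourselves even further while we are waiting; unveil(NULL, NULL) only locks after a prior unveil(), so with no socket path we unveil "/" with no permissions as that anchor */`. It is also worth a short note that the lock is issued in each branch rather than once after the if/else because each branch immediately pledges a promise set without "unveil", after which no further unveil(2) call would be permitted; the "c" permission on udsname pairs with the "cpath" pledge so the socket can still be removed. The enclosing main() starts and ends outside this hunk, so the assumption that eunveil()/epledge() exit on failure is inferred from their names and should be confirmed against their definitions.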