I'm not sure that I wasn't ambiguous. I want to be able to set up all necessary unveil promises, then from that point on be able to only reduce unveil permissions. I don't know the mechanism by which unveil works, but perhaps it could be an unveil command similar to unveil(NULL, NULL) instead of a pledge command? It apparently knows if it is an increase in permissions; can't it be set to only permit them?

On Thu, Aug 16, 2018 at 2:00 PM Luke Small <lukensm...@gmail.com> wrote:

> Ok. Thanks.
>
> On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt <dera...@openbsd.org> wrote:
>
>> Luke Small <lukensm...@gmail.com> wrote:
>> > Could you have a promise for unveil reductions only?
>>
>> That won't actually help much, and people will fall into some
>> pretty significant traps.
>>
>> Sorry it would require a really long explanation.