summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--chat.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/chat.c b/chat.c
index f455b35..87daccd 100644
--- a/chat.c
+++ b/chat.c
@@ -142,13 +142,7 @@ static void unveilData(const char *name) {
 	}
 }
 
-static void sandbox(const char *trust, const char *cert, const char *priv) {
-	int error = pledge(
-		"stdio rpath wpath cpath inet dns tty proc exec unveil", NULL
-	);
-	if (error) err(EX_OSERR, "pledge");
-	if (!self.restricted) return;
-
+static void unveilAll(const char *trust, const char *cert, const char *priv) {
 	dataMkdir("");
 	unveilData("");
 	if (trust) unveilConfig(trust);
@@ -161,7 +155,6 @@ static void sandbox(const char *trust, const char *cert, const char *priv) {
 	} paths[] = {
 		{ "/usr/share/terminfo", "r" },
 		{ tls_default_ca_cert_file(), "r" },
-		{ NULL, NULL },
 	};
 	for (size_t i = 0; i < ARRAY_LEN(paths); ++i) {
 		int error = unveil(paths[i].path, paths[i].perm);
@@ -285,7 +278,9 @@ int main(int argc, char *argv[]) {
 	commandCompleteAdd();
 
 #ifdef __OpenBSD__
-	sandbox(trust, cert, priv);
+	if (self.restricted) unveilAll(trust, cert, priv);
+	int error = pledge("stdio rpath wpath cpath inet dns tty proc exec", NULL);
+	if (error) err(EX_OSERR, "pledge");
 #endif
 
 	ircConfig(insecure, trust, cert, priv);