From 5bfba6df528d2d57daac93708b0dca6360711a80 Mon Sep 17 00:00:00 2001
From: Klemens Nanni <klemens@posteo.de>
Date: Tue, 29 Jun 2021 00:03:00 +0000
Subject: OpenBSD: merge unveil and pledge logic a bit

This reads somewhat clearer as code is grouped by features instead of
security mechanisms by simply merging identical tests/conditions.

No functional change.
---
 chat.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/chat.c b/chat.c
index 0bdb69c..ab0678a 100644
--- a/chat.c
+++ b/chat.c
@@ -282,24 +282,23 @@ int main(int argc, char *argv[]) {
 	}
 
 #ifdef __OpenBSD__
+	char promises[64] = "stdio tty";
+	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
+
 	if (log) {
 		const char *logdir = dataMkdir("log");
 		int error = unveil(logdir, "wc");
 		if (error) err(EX_OSERR, "unveil");
+		ptr = seprintf(ptr, end, " wpath cpath");
 	}
 
 	if (!self.restricted) {
 		int error = unveil("/", "x");
 		if (error) err(EX_OSERR, "unveil");
+		ptr = seprintf(ptr, end, " proc exec");
 	}
 
-	char promises[64] = "stdio tty";
-	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
-	if (log) ptr = seprintf(ptr, end, " wpath cpath");
-	if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
-
 	char *promisesInitial = ptr;
-
 	ptr = seprintf(ptr, end, " inet dns");
 	int error = pledge(promises, NULL);
 	if (error) err(EX_OSERR, "pledge");
-- 
cgit 1.4.1