From 0d7a8dda145c7ee2b6bf27eb32ba006661795181 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Mon, 24 Sep 2018 22:55:50 +0000
Subject: unveil(2) is easy since this only uses one directory tree (containing no exterior pointing symlinks), and a file. In snaps for about 2 months.
---
 usr.sbin/makefs/makefs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'usr.sbin/makefs')
diff --git a/usr.sbin/makefs/makefs.c b/usr.sbin/makefs/makefs.c
index 8946e424926..5b8b4ed823b 100644
--- a/usr.sbin/makefs/makefs.c
+++ b/usr.sbin/makefs/makefs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: makefs.c,v 1.19 2016/12/17 16:12:15 krw Exp $ */
+/* $OpenBSD: makefs.c,v 1.20 2018/09/24 22:55:50 deraadt Exp $ */
 /* $NetBSD: makefs.c,v 1.53 2015/11/27 15:10:32 joerg Exp $ */
 /*
@@ -198,6 +198,10 @@ main(int argc, char *argv[])
 if (argc != 2)
 usage();
+ if (unveil(argv[0], "rwc") == -1)
+ err(1, "unveil");
+ if (unveil(argv[1], "rw") == -1)
+ err(1, "unveil");
 if (pledge("stdio rpath wpath cpath", NULL) == -1)
 err(1, "pledge");
--
cgit v1.2.3-59-g8ed1b
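Review bot: In the `main()` hunk, both new `err(1, "unveil")` calls print the same message, so a failure does not say which path could not be unveiled; `err(1, "unveil %s", argv[0]);` and `err(1, "unveil %s", argv[1]);` would make the diagnostic actionable. The second call grants `"rw"` on `argv[1]`; if that operand is the input tree that is only walked and read (its use lies outside the hunk, so this is an assumption to confirm), `"r"` would be the least-privilege choice. A short comment such as `/* pledge below has no "unveil" promise, so no further paths can be added */` would document why there is no explicit lock call. `main()` starts before and continues after the hunk.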