OpenBSD: merge unveil and pledge logic a bit

This reads somewhat clearer as code is grouped by features instead of security mechanisms by simply merging identical tests/conditions. No functional change.
author: Klemens Nanni 2021-06-29 00:03:00 +0000
committer: C. McEnroe 2021-07-13 15:16:22 -0400
commit: 5bfba6df528d2d57daac93708b0dca6360711a80 (patch)
tree: 076a294571970b487a5e0a60c8ed770d50b1ded2 /chat.c
parent: 7793ca36bb5aadee1a6f5e2708ec2ff9917aba6b (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/chat.c b/chat.c
index 0bdb69c..ab0678a 100644
--- a/chat.c
+++ b/chat.c
@@ -282,24 +282,23 @@ int main(int argc, char *argv[]) {
 	}
 
 #ifdef __OpenBSD__
+	char promises[64] = "stdio tty";
+	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
+
 	if (log) {
 		const char *logdir = dataMkdir("log");
 		int error = unveil(logdir, "wc");
 		if (error) err(EX_OSERR, "unveil");
+		ptr = seprintf(ptr, end, " wpath cpath");
 	}
 
 	if (!self.restricted) {
 		int error = unveil("/", "x");
 		if (error) err(EX_OSERR, "unveil");
+		ptr = seprintf(ptr, end, " proc exec");
 	}
 
-	char promises[64] = "stdio tty";
-	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
-	if (log) ptr = seprintf(ptr, end, " wpath cpath");
-	if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
-
 	char *promisesInitial = ptr;
-
 	ptr = seprintf(ptr, end, " inet dns");
 	int error = pledge(promises, NULL);
 	if (error) err(EX_OSERR, "pledge");
author	Klemens Nanni	2021-06-29 00:03:00 +0000
committer	C. McEnroe	2021-07-13 15:16:22 -0400
commit	5bfba6df528d2d57daac93708b0dca6360711a80 (patch)
tree	076a294571970b487a5e0a60c8ed770d50b1ded2 /chat.c
parent	7793ca36bb5aadee1a6f5e2708ec2ff9917aba6b (diff)