commit 2d3cc76f6d5c2eb4a23f0dbebe5ef779f07b947b
from: Omar Polo <op@omarpolo.com>
date: Mon Jan 25 14:58:54 2021 UTC

we don't need unveil "x" in listener

not a big deal, since the pledge prohibits us to exec, but
nevertheless.

commit - 6c117838be051c7cdd769ca74708323f6c7f25cd
commit + 2d3cc76f6d5c2eb4a23f0dbebe5ef779f07b947b
blob - 030112b7c7add802dfb02435d3606f4a8e15dee2
blob + cf6ee8b85868af7e880f44935e0ebed11859caf1
--- sandbox.c
+++ sandbox.c
@@ -245,7 +245,7 @@ sandbox()
 	struct vhost *h;
 
 	for (h = hosts; h->domain != NULL; ++h) {
-		if (unveil(h->dir, "rx") == -1)
+		if (unveil(h->dir, "r") == -1)
 			err(1, "unveil %s for domain %s", h->dir, h->domain);
 	}