commit 63c6b10f7b78b600251e3eb2622e0db7db0f8aa0
from: Stefan Sperling <stsp@stsp.name>
date: Tue Nov 14 11:00:13 2023 UTC

reduce gotwebd pledges to the minimum currently required; with op@

commit - 6fe3b58aaa9bdb466eabad75eb65bce86d7155af
commit + 63c6b10f7b78b600251e3eb2622e0db7db0f8aa0
blob - 61fb6877f63be71b25e656fc29c058fc075dcd89
blob + 858cf85ab602d28a7ce1fc715b2de0d6f6e19ddd
--- gotwebd/gotwebd.c
+++ gotwebd/gotwebd.c
@@ -259,7 +259,7 @@ main(int argc, char **argv)
 		err(1, "unveil");
 
 #ifndef PROFILE
-	if (pledge("stdio rpath wpath cpath inet unix", NULL) == -1)
+	if (pledge("stdio", NULL) == -1)
 		err(1, "pledge");
 #endif
 
blob - 41cd91c3bd6c1f4770326a36d2946029e390fb11
blob + 62a293eeac4877b0dbd3ba7efad3968b35396de3
--- gotwebd/sockets.c
+++ gotwebd/sockets.c
@@ -113,8 +113,8 @@ sockets_run(struct privsep *ps, struct privsep_proc *p
 	signal_add(&ps->ps_evsigchld, NULL);
 
 #ifndef PROFILE
-	if (pledge("stdio rpath wpath cpath inet recvfd proc exec sendfd "
-	    "unveil", NULL) == -1)
+	if (pledge("stdio rpath inet recvfd proc exec sendfd unveil",
+	    NULL) == -1)
 		fatal("pledge");
 #endif
 }