commit 75983083f49930cbff74c2bdbbce265dc5302009
from: Omar Polo <op@omarpolo.com>
date: Wed Mar 29 17:16:21 2023 UTC

pe: restrict pledge

the children are pre-forked, so at runtime only "stdio" is needed.

commit - b031debf35af538a6bd7d352717aa2ec69e83dd9
commit + 75983083f49930cbff74c2bdbbce265dc5302009
blob - 196eb5e9e3d68ab259d4b19299da6063cc54fab4
blob + 871384da610e9b004ff4aa6e19419da2465492db
--- pe
+++ pe
@@ -28,8 +28,7 @@ sub process {
 	print $handle $_ foreach @_;
 }
 
-unveil("./mexp", "rx") or die "unveil mexp: $!";
-pledge("stdio proc exec") or die "pledge: $!";
+pledge("stdio") or die "pledge: $!";
 
 my @thread;
 while (<>) {