While porting my application I noticed unveil(".", "rwc"); returns an error and sets errno = EINVAL on SerenityOS.
On OpenBSD this is valid.
I use the following code on OpenBSD to mark the filesystem read-only, except for the current directory:
https://codemadness.org/git/sfeed/file/sfeed_gopher.c.html#l132
In a nutshell:
unveil("/", "r");
unveil(".", "rwc");
pledge("stdio rpath wpath cpath", NULL);
SerenityOSΒ /Β serenity
The Serenity Operating System π
30.6k
Contributors get 100% of received funds after fees
How does funding with Polar work?
1
Pay now to fund the work behind this issue.
2
Get updates on progress being made.
3
Maintainer is rewarded once the issue is completed.
FAQ
Backer
You're funding impactful open source efforts
Contributor
You want to contribute to this effort
Maintainer
You want to get funding like this too