commit 3c7ed8d83ed06a3b7f30ceb6ba692e515f91e980
from: Omar Polo <op@omarpolo.com>
date: Fri Jun 07 18:25:52 2024 UTC

sandbox: temporarly disable unveil(2) on OpenBSD

I'd like to use execlp() in the near future, which means that unveil
needs to be disabled.  It's already virtually disabled, since we
can shell out to execute stuff, so it's not a great loss.

This will be improved in the future once the "core" process will
be split off the UI.

commit - 0fceedb5fedbf154222ba2e675ee20bd5651008f
commit + 3c7ed8d83ed06a3b7f30ceb6ba692e515f91e980
blob - 93d2b08be50bfeaa5e4a9a49c0c0cddb022d752f
blob + 629f87dee1f5e83d4b8de5239252a20d95b6a129
--- sandbox.c
+++ sandbox.c
@@ -39,6 +39,7 @@ sandbox_net_process(void)
 void
 sandbox_ui_process(void)
 {
+#if notyet
 	char path[PATH_MAX];
 
 	if (unveil("/tmp", "rwc") == -1)
@@ -60,6 +61,7 @@ sandbox_ui_process(void)
 
 	if (unveil("/bin/sh", "rx") == -1)
 		err(1, "unveil(xdg-open)");
+#endif
 
 	if (pledge("stdio rpath wpath cpath unix tty proc exec",
 	    NULL) == -1)