commit eea47b7eab5ae60db6af643e9518a0b691d13bc6
from: Stefan Sperling <stsp@stsp.name>
date: Fri Jan 04 17:22:11 2019 UTC

apply unveil(2) to worktree tests

commit - c89f2770ddf57a1a5692ab4a1009674b0a66f3fd
commit + eea47b7eab5ae60db6af643e9518a0b691d13bc6
blob - ecfab51c820614ea924b11e4829079a464a83c6d
blob + cdad09e7e56d8a00cae07f2eeca23f2cbfea7891
--- regress/worktree/worktree_test.c
+++ regress/worktree/worktree_test.c
@@ -35,6 +35,7 @@
 #include "got_repository.h"
 #include "got_worktree.h"
 #include "got_opentemp.h"
+#include "got_privsep.h"
 
 #include "got_lib_worktree.h"
 #include "got_lib_path.h"
@@ -395,11 +396,12 @@ main(int argc, char *argv[])
 {
 	int test_ok = 0, failure = 0;
 	const char *repo_path;
+	char *cwd = NULL;
 	int ch;
 
 #ifndef PROFILE
-	if (pledge("stdio rpath wpath cpath flock proc exec sendfd", NULL)
-	    == -1)
+	if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil",
+	    NULL) == -1)
 		err(1, "pledge");
 #endif
 
@@ -425,6 +427,25 @@ main(int argc, char *argv[])
 		return 1;
 	}
 
+	cwd = getcwd(NULL, 0);
+	if (cwd == NULL)
+		err(1, "getcwd");
+	if (unveil(cwd, "rwc") != 0)
+		err(1, "unvail");
+	free(cwd);
+
+	if (unveil("/tmp", "rwc") != 0)
+		err(1, "unveil");
+
+	if (unveil(repo_path, "r") != 0)
+		err(1, "unveil");
+
+	if (got_privsep_unveil_exec_helpers() != NULL)
+		return 1;
+
+	if (unveil(NULL, NULL) != 0)
+		err(1, "unveil");
+
 	RUN_TEST(worktree_init(repo_path), "init");
 	RUN_TEST(worktree_init_exists(repo_path), "init exists");
 	RUN_TEST(worktree_checkout(repo_path), "checkout");