gotd listen process needs apply_unveil_none()
On 2023/01/04 21:57:26 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> It occurred to me that the gotd listen process is able to create
> new unix sockets via bind(2) because it does not use unveil(2)
> to block its view of the filesystem.
>
> I have verified that a socket can indeed be bound successfully after
> pledge("stdio unix"), and that bind(2) fails with ENOENT when the code
> in apply_unveil_none() is run between pledge("stdio unix") and bind(2).
>
> ok?

like it's done for the auth process. ok op@
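The check described in the quoted message can be reproduced with a small probe; this is an added example, not code from got or from either author. The names probe_bind() and PROBE_SOCK and the socket path are constructed, the two unveil(2) calls are assumed to match what apply_unveil_none() does, and unveil(2) is called before pledge(2) here because a "stdio unix" pledge does not carry the "unveil" promise.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Constructed path for the probe socket; not a path gotd uses. */
#define PROBE_SOCK "/tmp/unveil-probe.sock"
enum { PROBE_UNSUPPORTED = -1, PROBE_BOUND, PROBE_ENOENT, PROBE_OTHER };

/* In a child: optionally hide the filesystem, pledge, then try bind(2). */
int probe_bind(int hide_fs)
{
#ifdef __OpenBSD__
	struct sockaddr_un sun = { .sun_family = AF_UNIX };
	int fd, status;
	pid_t pid;
	unlink(PROBE_SOCK);	/* a stale socket would give EADDRINUSE */
	if ((pid = fork()) == -1)
		return PROBE_OTHER;
	if (pid == 0) {
		/* Assumption: the same two calls apply_unveil_none() makes. */
		if (hide_fs && (unveil("/", "") == -1 || unveil(NULL, NULL) == -1))
			_exit(PROBE_OTHER);
		if (pledge("stdio unix", NULL) == -1)
			_exit(PROBE_OTHER);
		strlcpy(sun.sun_path, PROBE_SOCK, sizeof(sun.sun_path));
		if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
			_exit(PROBE_OTHER);
		if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == 0)
			_exit(PROBE_BOUND);
		_exit(errno == ENOENT ? PROBE_ENOENT : PROBE_OTHER);
	}
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return PROBE_OTHER;
	unlink(PROBE_SOCK);	/* remove the socket if the child bound it */
	return WEXITSTATUS(status);
#else
	(void)hide_fs;
	return PROBE_UNSUPPORTED;	/* pledge(2) and unveil(2) are OpenBSD-only */
#endif
}

int main(void)
{
	printf("pledge only: %d, unveil then pledge: %d\n", probe_bind(0), probe_bind(1));
	return 0;
}
```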