Awesome!<p>Given the Chrome example starting on page 6, here's my guess as to how pledge and unveil will contain Chrome to e.g. protect SSH keys. First, 3 of the 5 Chrome processes are already pledged to disallow filesystem reads. The two remaining ones (RenderProcess and UtilityProcess) can be unveiled to allow directories like<p><pre><code> * ~/.config/chromium
* ~/.cache/chromium
* ~/Downloads
* /tmp
* and anything important I don't know of
</code></pre>
Additionally, if unveil works like pledge and can be further restricted after e.g. reading files into memory, unveils can then be undone. Anyone know if the following would work to first allow access to /tmp and then revoke that access?<p><pre><code> unveil("/tmp", "rw");
/* do some work */
unveil("/tmp", "");</code></pre>