commit 95bb542a095f9ba20454e45a2a3156789b1f040e from: Stefan Sperling via: Thomas Adam date: Sat Mar 30 17:21:23 2024 UTC call unveil earlier in 'got commit' We now know that unveil(2) will never traverse exec. No need to wait with unveil until the editor has been run. ok op@ commit - 8f9af3fc83b84113522ee2edd3f33017d88f4337 commit + 95bb542a095f9ba20454e45a2a3156789b1f040e blob - 347f564a231506dbd1e61eb59503045f88bace6e blob + 15be14451d6e4516b1f1d382d1de6a98cf51d3c0 --- got/got.c +++ got/got.c @@ -9149,10 +9149,6 @@ done: if (fd != -1 && close(fd) == -1 && err == NULL) err = got_error_from_errno2("close", a->logmsg_path); - - /* Editor is done; we can now apply unveil(2) */ - if (err == NULL) - err = apply_unveil(a->repo_path, 0, a->worktree_path); if (err) { free(*logmsg); *logmsg = NULL; @@ -9422,15 +9418,18 @@ cmd_commit(int argc, char *argv[]) if (author == NULL) author = committer; - /* - * unveil(2) traverses exec(2); if an editor is used we have - * to apply unveil after the log message has been written. - */ - if (logmsg == NULL || strlen(logmsg) == 0) + if (logmsg == NULL || strlen(logmsg) == 0) { error = get_editor(&editor); - else - error = apply_unveil(got_repo_get_path(repo), 0, - got_worktree_get_root_path(worktree)); + if (error) + goto done; + if (unveil(editor, "x") != 0) { + error = got_error_from_errno2("unveil", editor); + goto done; + } + } + + error = apply_unveil(got_repo_get_path(repo), 0, + got_worktree_get_root_path(worktree)); if (error) goto done;
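Review bot: The new `unveil(editor, "x")` call in cmd_commit has no comment, and the comment this hunk deletes was the only place that explained how unveil interacts with the editor. The ordering is security-relevant: the editor path has to be unveiled before `apply_unveil()` narrows the view, and presumably before the unveil list is locked, which is not visible here. I would add above the call: `/* unveil(2) is not inherited across exec(2): permit exec of the editor only, then restrict ourselves before it runs. */`, and note there that the editor itself runs outside got's unveil set, so the restriction protects only the got process. get_editor() is outside the hunk; the `"x"` unveil assumes it returns a resolved path and a non-NULL `editor` on success, which should be confirmed. cmd_commit begins and ends outside this hunk.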