commit aaa8879b1ecf56fbe7d69e69a6e951db4d8cb806
from: Stefan Sperling <stsp@stsp.name>
date: Thu Mar 28 11:07:46 2024 UTC

call unveil earlier in 'got commit'

We now know that unveil(2) will never traverse exec.
No need to wait with unveil until the editor has been run.

ok op@

commit - 2f40f7d278bccb8402479f25d13145bdc199bfb7
commit + aaa8879b1ecf56fbe7d69e69a6e951db4d8cb806
blob - be364f33ae558187761d281438ee798b41d5c990
blob + a3d939c4058c0a946db7bdf78bfdf2c4cb46dffe
--- got/got.c
+++ got/got.c
@@ -9150,10 +9150,6 @@ done:
 
 	if (fd != -1 && close(fd) == -1 && err == NULL)
 		err = got_error_from_errno2("close", a->logmsg_path);
-
-	/* Editor is done; we can now apply unveil(2) */
-	if (err == NULL)
-		err = apply_unveil(a->repo_path, 0, a->worktree_path);
 	if (err) {
 		free(*logmsg);
 		*logmsg = NULL;
@@ -9423,15 +9419,18 @@ cmd_commit(int argc, char *argv[])
 	if (author == NULL)
 		author = committer;
 
-	/*
-	 * unveil(2) traverses exec(2); if an editor is used we have
-	 * to apply unveil after the log message has been written.
-	 */
-	if (logmsg == NULL || strlen(logmsg) == 0)
+	if (logmsg == NULL || strlen(logmsg) == 0) {
 		error = get_editor(&editor);
-	else
-		error = apply_unveil(got_repo_get_path(repo), 0,
-		    got_worktree_get_root_path(worktree));
+		if (error)
+			goto done;
+		if (unveil(editor, "x") != 0) {
+			error = got_error_from_errno2("unveil", editor);
+			goto done;
+		}
+	}
+
+	error = apply_unveil(got_repo_get_path(repo), 0,
+	    got_worktree_get_root_path(worktree));
 	if (error)
 		goto done;