unveil(2) sysctl(8)

[Ricardo Mestre]

Hi,

My eyes may be cheating me in plain sight, but sysctl(8) doesn't seem to
require fs access at all.

Comments? OK?

Index: sysctl.c
===================================================================
RCS file: /cvs/src/sbin/sysctl/sysctl.c,v
retrieving revision 1.242
diff -u -p -u -r1.242 sysctl.c
--- sysctl.c    13 May 2019 20:47:19 -0000      1.242
+++ sysctl.c    7 Jun 2019 17:01:23 -0000
@@ -255,6 +255,11 @@ main(int argc, char *argv[])
        argc -= optind;
        argv += optind;
 
+       if (unveil("/", "") == -1)
+           err(1, "unveil");
+       if (unveil(NULL, NULL) == -1)
+           err(1, "unveil");
+
        if (argc == 0 || (Aflag || aflag)) {
                debuginit();
                vfsinit();