From 097634d75c77573ac075683f9441343c5db61a99 Mon Sep 17 00:00:00 2001
From: Justine Tunney
Date: Wed, 20 Jul 2022 13:58:52 -0700
Subject: [PATCH] Make pledge.com binary 4kb smaller
---
 libc/mem/unveil.c | 6 ++----
 tool/build/pledge.c | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/libc/mem/unveil.c b/libc/mem/unveil.c
index 2dac9af6c..19b257274 100644
--- a/libc/mem/unveil.c
+++ b/libc/mem/unveil.c
@@ -92,10 +92,7 @@ static const struct sock_filter kBlacklistLandlock[] = {
 _Thread_local static struct {
 uint64_t fs_mask;
 int fd;
-} State = {
- .fs_mask = UNVEIL_READ | UNVEIL_WRITE | UNVEIL_EXEC | UNVEIL_CREATE,
- .fd = 0,
-};
+} State;
 static int unveil_final(void) {
 int rc;
@@ -121,6 +118,7 @@ static int err_close(int rc, int fd) {
 static int unveil_init(void) {
 int rc, fd;
+ State.fs_mask = UNVEIL_READ | UNVEIL_WRITE | UNVEIL_EXEC | UNVEIL_CREATE;
 if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) < 0) {
 if (errno == EOPNOTSUPP) errno = ENOSYS;
diff --git a/tool/build/pledge.c b/tool/build/pledge.c
index 9e819a1ca..f4e819fcc 100644
--- a/tool/build/pledge.c
+++ b/tool/build/pledge.c
@@ -65,7 +65,7 @@ usage: pledge.com [-hnN] PROG ARGS...\n\
 -g GID call setgid()\n\
 -u UID call setuid()\n\
 -c PATH call chroot()\n\
- -v [PERM:]PATH make PATH visible where PERM can have rwxc\n\
+ -v [PERM:]PATH call unveil(PATH, PERM[rwxc])\n\
 -n set maximum niceness\n\
 -N don't normalize file descriptors\n\
 -C SECS set cpu limit [default: inherited]\n\
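Review bot: With the initializer removed from `State`, `fs_mask` is zero on every thread until `unveil_init()` assigns it (second hunk, `@@ -121,6 +118,7 @@`), and nothing at the declaration records that. Any code that reads `State.fs_mask` without first going through `unveil_init()` would now see an empty access mask instead of the full read/write/exec/create set; whether such a path exists cannot be judged from these hunks, because `unveil_final()` and the rest of `unveil_init()` lie outside them. I would state the invariant where the struct is declared, e.g. `/* zero-initialized on purpose; fs_mask is only valid after unveil_init() */`. Presumably the motive is to keep the thread-local out of the initialized TLS image, which deserves a word in the same comment.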
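Review bot: The new `-v` help line no longer says what the flag does for the user, and it still does not state which permission applies when `PERM:` is omitted. For a sandboxing tool the default matters, because a reader who assumes the wrong one grants more or less access than intended. Something like `-v [PERM:]PATH  call unveil(PATH, PERM), PERM is any of rwxc [default: <DEFAULT>]\n\` would cover it, with `<DEFAULT>` filled in from the option parser, which is outside this hunk.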