I have been informed, that unveil does not work for subprocesses by
design. Thus this project is futile and I will archive it.
NAME
unveilme – execute a program while restricting its filesystem view
SYNOPSIS
unveilme <path-permissions> program [argument ...]
unveilme -p <path-permissions> ... program [argument ...]
DESCRIPTION
unveilme runs the specified program while restricting it's filesystem
view. It does this by calling unveil(2), passing path-permissions to its
path and permissions arguments.
Further calls to unveil(2) by program are disabled.
path-permissions are composed of a path followed by a colon and the
permissions. See unveil(2) for a list of these permissions.
EXAMPLE
unveilme /usr/bin/printf:rx printf 'test\n'
unveilme -p /bin/ls:rx -p /tmp:r ls /tmp
SEE ALSO
unveil(2), pledgeme(1)