Use unveil(2)

Use unveil(2)

Pledge is not possible due to the ioctls, but as apmd hoists both the
control socket and apm device early at startup and only ever possibly
executes scripts under /etc/apm/, hiding the rest of the filesystem
becomes easy.

Technically, only "x" is required to traverse the directory and run
scripts, but apmd carefully access(2) each script, which requires
the read bit regardless of the permission bits being tested.

OK mestre