Allow passing null

.gitignore

@@ -27,10 +27,10 @@ missing
 mkinstalldirs
 modules
 run-tests.php
-tests/*/*.diff
-tests/*/*.out
-tests/*/*.php
-tests/*/*.exp
-tests/*/*.log
-tests/*/*.sh
-php-7.0.core
+tests/*.diff
+tests/*.out
+tests/*.php
+tests/*.exp
+tests/*.log
+tests/*.sh
+*.core

README.md

@@ -65,8 +65,35 @@ All promises are documented in [the OpenBSD pledge(2) manual page](http://man.op
 
 If the PHP ```pledge()``` call fails, it will throw a ```\PledgeException```.
 
+To set pledges on an execve child:
+
+```
+pledge(null, 'tty stdio error rpath');
+pcntl_exec('/bin/ls');
+```
+
 ## Unveil usage
 
+```
+# wworks
+print_r(scandir('/var'));
+
+# Limit read only access to /var/spool
+unveil('/var/spool', 'r');
+
+# No longer works
+print_r(scandir('/var'));
+# Works
+print_r(scandir('/var/spool'));
+
+# Disallow more unveils
+unveil();
+
+# No longer works
+unveil('/var', 'r');
+
+```
+
 If the PHP ```unveil()``` call fails, it will throw a ```\UnveilException```.
 
 ## Notes

pledge.c

@@ -75,8 +75,8 @@ PHP_FUNCTION(pledge) {
 
     ZEND_PARSE_PARAMETERS_START(0, 2)
         Z_PARAM_OPTIONAL
-        Z_PARAM_STRING(promises, promises_len)
-        Z_PARAM_STRING(execpromises, execpromises_len)
+        Z_PARAM_STRING_EX(promises, promises_len, 1, 0)
+        Z_PARAM_STRING_EX(execpromises, execpromises_len, 1, 0)
     ZEND_PARSE_PARAMETERS_END();
 
     if (pledge(promises, execpromises) != 0) {
@@ -105,8 +105,8 @@ PHP_FUNCTION(unveil) {
 
     ZEND_PARSE_PARAMETERS_START(0, 2)
         Z_PARAM_OPTIONAL
-        Z_PARAM_STRING(path, path_len)
-        Z_PARAM_STRING(permissions, permissions_len)
+        Z_PARAM_STRING_EX(path, path_len, 1, 0)
+        Z_PARAM_STRING_EX(permissions, permissions_len, 1, 0)
     ZEND_PARSE_PARAMETERS_END();
 
     if (unveil(path, permissions) != 0) {