diff --git a/endlessh.c b/endlessh.c
index e448d59..909e58e 100644
--- a/endlessh.c
+++ b/endlessh.c
@@ -633,6 +633,8 @@ main(int argc, char **argv)
     const char *config_file = DEFAULT_CONFIG_FILE;
 
 #if defined(__OpenBSD__)
+    if (unveil("/", "") == -1)
+        die();
     unveil(config_file, "r"); /* return ignored as the file may not exist */
     if (pledge("inet stdio rpath unveil", 0) == -1)
         die();
@@ -693,6 +695,11 @@ main(int argc, char **argv)
         }
     }
 
+#if defined(__OpenBSD__)
+    if (unveil(0, 0) == -1)
+        die();
+#endif
+
     if (argv[optind]) {
         fprintf(stderr, "endlessh: too many arguments\n");
         exit(EXIT_FAILURE);