diff --git a/privsep.org b/privsep.org
index 64d0f79..efad96d 100644
--- a/privsep.org
+++ b/privsep.org
@@ -450,7 +450,7 @@ pledge what the process needs to run. The /engine/ process pledges
 
 We then set-up the [[https://github.com/openbsd/src/blob/3c46ceeaef274bbef234dac63245c4b6567168d7/sbin/dhcpleased/frontend.c#L180][communication channel]] to the /parent/ (also known
 as the /main/) process:
-#+begin_src
+#+begin_src C
 	imsg_init(&iev_main->ibuf, 3);
 	iev_main->handler = frontend_dispatch_main;
 #+end_src
@@ -522,7 +522,7 @@ proposition.
 But not all is lost. We can restrict the amount of havoc an attacker
 can cause if they ever get all the way to the /parent/ process using
 [[https://man.openbsd.org/unveil.2][unveil(2)]]:
-#+begin_src
+#+begin_src C
 	if (unveil(conffile, "r") == -1)
 		fatal("unveil %s", conffile);
 	if (unveil("/dev/bpf", "rw") == -1)