That is not possible.

pledge only works on behalf of a process itself.

In the simplest case, a call to pledge is done between the first part
of a program "initialization" and the second part of a program "main
loop".

It serves no purpose if done earlier, and as you noted execve resets
pledge, to serve the large variety of programs which are "shells" or
have selective behaviours where they "shell-out".

> I would like to have pledge on the command line so I can restrict an ad-hoc
> process during execution.  For example:
> 
> $ pledge "stdio" sed -e "s/foo/bar/g" <input.txt >output.txt
> 
> I can't modify sed, for example, because I don't always want it pledged
> that tightly.  Since execve removes pledges, I can't see a way to write
> this pledge utility myself.  Is it possible?  Is there a better way to
> impose these kinds of ad-hoc restrictions on a utility?
> 
> Thanks.
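
The structure described in the reply above, as an added example that is not part of the thread and is not OpenBSD's sed: a small substitution filter (hypothetical usage `./subst FROM TO INFILE OUTFILE`) that opens its files during initialization, calls pledge("stdio", NULL) on itself, and only then enters its main loop. The helper names and buffer sizes are assumptions, and input lines are assumed to be shorter than 1 KiB.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* pledge(2) is OpenBSD-only; elsewhere a no-op so this builds (assumption). */
static int restrict_self(void)
{
#ifdef __OpenBSD__
	return pledge("stdio", NULL);
#else
	return 0;
#endif
}

/* Replace each `from` with `to`; returns length, or -1 on empty from/overflow. */
static int replace_all(const char *line, const char *from, const char *to,
    char *out, size_t outsz)
{
	size_t flen = strlen(from), tlen = strlen(to), n = 0;
	if (flen == 0 || outsz == 0)
		return -1;
	while (*line != '\0') {
		int hit = strncmp(line, from, flen) == 0;
		size_t add = hit ? tlen : 1;
		if (n + add >= outsz)
			return -1;
		memcpy(out + n, hit ? to : line, add);
		n += add;
		line += hit ? flen : 1;
	}
	out[n] = '\0';
	return (int)n;
}

int main(int argc, char *argv[])
{
	char in[1024], out[4096];
	FILE *src, *dst;
	/* Initialization: everything that needs a path happens here. */
	if (argc != 5 || (src = fopen(argv[3], "r")) == NULL ||
	    (dst = fopen(argv[4], "w")) == NULL)
		return 1;
	if (restrict_self() == -1)	/* boundary: stdio only from here on */
		return 1;
	while (fgets(in, sizeof(in), src) != NULL)	/* main loop: open streams only */
		if (replace_all(in, argv[1], argv[2], out, sizeof(out)) == -1 ||
		    fputs(out, dst) == EOF)
			return 1;
	return fclose(dst) == EOF;
}
```

On OpenBSD, moving either fopen() call below restrict_self() makes the kernel kill the process, because opening a path needs the "rpath" or "wpath" promise.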
