> I'm trying to use pledge to protect a go program. > > The exec aborts with abort trap: core dump > > Ktrace and /var/log/messages say that the __set_tcb > syscall is denied. > > Can I configure pledge to allow such syscall ?
In post-6.2, this is now allowed. It wasn't allowed earlier due to an oversight. > (Same question for mlock and mlockall) Uhm, those are not going to be allowed. They are precisely the type of operations you should do before pledge.
