Kevin Chadwick <m8il1i...@gmail.com> wrote: > On 1/21/21 2:54 PM, Theo de Raadt wrote: > >>> Run your code under ktrace and see what is actually passed to pledge(), > >>> that might give some clues. > >>> > >>> > >> 840 beep CALL pledge(0xc0000f4000,0xc0000ae384) > >> 840 beep STRU promise="stdio rpath wpath cpath dpath tmppath inet > >> mcast fattr chown flock unix d\ > >> ns getpw sendfd recvfd tape tty proc exec prot_exec settime ps vminfo > >> id pf route wroute audio v\ > >> ideo bpf unveil error" > >> 840 beep STRU execpromise="" > >> 840 beep RET pledge 0 > >> > > Whatever you are trying to do is ridiculous. > > Absolutely. In fact the program itself is pointless to pledge, playing a beep > to > the speaker. However, I had pledge disabled in my binaries due to the syscall > 74 > Go bug that was fixed.
> This is just testing with the most permissable settings. That statement is wrong. The most permissable setting is to not use pledge, and use full POSIX. pledge use should be based upon informed decisions after study of everything a program needs to do, rather than slapping it in and then in an uneducated fashion complaining about the result not meeting expectations. People using pledge in high-level language programs are making uninformed decisions, since the high-level language environments perform many complicated operations. Your problem report is useless. You don't supply source, you don't show what is going on, yet you want hand-holding. You don't trace what the program or the heavy-environment is doing. If you can't figure out pledge or how to ensure it is being used correctly, then don't use pledge.
