On 2017-04-27, Ted Unangst wrote:
> Michael Hendricks wrote:
>> I would like to have pledge on the command line so I can restrict an ad-hoc
>> process during execution. For example:
>>
>> $ pledge "stdio" sed -e "s/foo/bar/g" output.txt
>>
>> I can't modify sed, for example, because I don't alw
> Michael Hendricks wrote:
> > I would like to have pledge on the command line so I can restrict an ad-hoc
> > process during execution. For example:
> >
> > $ pledge "stdio" sed -e "s/foo/bar/g" output.txt
> >
> > I can't modify sed, for example, because I don't always want it pledged
> > that
Michael Hendricks wrote:
> I would like to have pledge on the command line so I can restrict an ad-hoc
> process during execution. For example:
>
> $ pledge "stdio" sed -e "s/foo/bar/g" output.txt
>
> I can't modify sed, for example, because I don't always want it pledged
> that tightly. Since
That is not possible.
pledge only works on behalf of a process itself.
In the simplest case, a call to pledge is done between the first part
of a program "initialization" and the second part of a program "main
loop".
It serves no purpose if done earlier, and as you noted execve resets
pledge, to
4 matches
Mail list logo
