On 2018/02/18 12:36, Neeraj Pal wrote:
> I read kern_pledge.c file, but, I am not able to figure out the pledge
> bit value of a program which isn't using pledge() system call in
> user-space code.
> Because even after not using pledge() system call in user-space,
> still, every process has some default kind of pledge bit value, that
> is, 0x8009588f.

ps_pledge only indicates that a process has been pledged if the PS_PLEDGE bit (0x00100000) has been set. On a new process this bit (and this bit only) is cleared explicitly by atomic_clearbits_int in sys/kern_exec.c:sys_execve(). I haven't looked further, but presumably other bits are just as returned from the allocator.

Basically, if you are looking to see what pledge a process has, check PS_PLEDGE first; other bits are only meaningful if that bit is set.
