I decided late in an application's life to start using pledge, so
I put a call in at the top and started running it and adding the
requirements reported by dmesg on each iteration.
Eventually it reported that the tty promise was breached so I added
that and it reported again that the tty promise was breached.
From GDB the relevant part of the stack trace is:
(gdb) bt
#0 ioctl () at /tmp/-:2
#1 0x606521cbcd89301f in ?? ()
#2 0x000003089d94d4a2 in drmGetVersion (fd=8) at
/usr/xenocara/lib/libdrm/mk/libdrm/../../xf86drm.c:708
#3 0x00000308b1d3b7e1 in loader_get_driver_for_fd (fd=8) at
/usr/xenocara/lib/mesa/mk/libloader/../../src/loader/loader.c:108
#4 0x00000308b1d02ed6 in dri3_create_screen (screen=0, priv=Unhandled
dwarf expression opcode 0xa3) at
/usr/xenocara/lib/mesa/mk/libGL/../../src/glx/dri3_glx.c:829
#5 0x00000308b1cf5956 in __glXInitialize (dpy=0x3083034c000) at
/usr/xenocara/lib/mesa/mk/libGL/../../src/glx/glxext.c:800
#6 0x00000308b1d080a5 in glXQueryVersion (dpy=Unhandled dwarf expression
opcode 0xa3) at /usr/xenocara/lib/mesa/mk/libGL/../../src/glx/glxcmds.c:483
loader_get_driver_for_fd is calling:
drmVersionPtr version = drmGetVersion(fd);
xf86drm.c at line 708 is in drmIoctl which I presume is the result
of some preprocessor magic, calling:
ret = ioctl(fd, request, arg);
dmesg reports (many times with different PID, same syscall):
turtle[32350]: pledge "tty", syscall 54
Clearly pledge is correct: whatever 'request' has this ioctl doing
doesn't use the tty promise (fd is probably the X connection). The
problem here is the error report in dmesg that the breach is in
something which is already included in the list of promises ("stdio
inet unix rpath recvfd tty", NULL).
I shall continue investigating to get my application to work and
follow up if I find anything useful but I hope this is enough
information for somebody familiar with the implementation of pledge
to quickly figure out where its, or my, misunderstanding is.
Cheers,
Matthew
