On 2026-02-10, Benjamin Lee McQueen <[email protected]> wrote:
> hi misc@,
>
> was looking at very basic files in userland recently and saw a few
> didn't have pledge.
>
> for very simple programs (like arch or pagesize), is adding pledge worth
> the extra complexity?

arch(1) could be pledged trivially. yes(1) has about the same complexity as arch and is already pledged, so maybe that makes sense. pagesize is a shell script, pledge for this would mean rewriting in C. Obviously not difficult though. Impact on install kernels needs checking, some of the ramdisks are tight.

> Also, are some intentionally left unpledged?

There are some where the available set of pledges doesn't cover what the program needs to do. (Some of those use unveil to restrict filesystem access instead).

--
Please keep replies on the mailing list.
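
A sketch of what pledging a program of this size involves, added here as an illustration; it is not OpenBSD's arch(1) source and not code from this thread. The helper names `drop_to_stdio` and `machine_name` are hypothetical, the machine name is read with uname(3) as an assumption, and the `pledge` stub exists only so the file builds on systems other than OpenBSD.

```c
#include <err.h>
#include <stdio.h>
#include <sys/utsname.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stub for building off OpenBSD only; the real pledge(2) comes from <unistd.h>. */
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises;
	(void)execpromises;
	return 0;
}
#endif

/* Hypothetical helper: keep only the "stdio" promise, no exec promises. */
int drop_to_stdio(void)
{
	return pledge("stdio", NULL);
}

/* Hypothetical helper: copy the machine name into buf.
 * Returns 0 on success, -1 on uname failure or if buf is too small. */
int machine_name(char *buf, size_t size)
{
	struct utsname u;
	int n;

	if (uname(&u) == -1)
		return -1;
	n = snprintf(buf, size, "%s", u.machine);
	return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
	char name[64];

	/* Restrict the process before doing any other work. */
	if (drop_to_stdio() == -1)
		err(1, "pledge");
	if (machine_name(name, sizeof(name)) == -1)
		errx(1, "cannot determine machine name");
	puts(name);
	return 0;
}
```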

