Registering a EVFILT_PROC, NOTE_EXIT kevent requires proc On Thu, Jan 5, 2017, 15:25 Ted Unangst <t...@tedunangst.com> wrote:
> Theo de Raadt wrote: > > > Luke Small wrote: > > > > What if I want to prevent a process from forking while I want to > create new > > > > EVFILT_PROC events? Say, to accept the pid of a sibling fork from a > pipe > > > > and load it into a kqueue. Is there a reason why waitpid() isn't > beholden > > > > to this, or is there a reason that EVFILT_PROC is? > > > > > > wait() is a less powerful syscall than kevent(). > > > > indeed, EVFILT_PROC lets you observe processes other than your own > > children. > > > > that way far outside "stdio", you are reasoning about processes in > general, > > so of course you need pledge "proc". > > I should also clarify a bit. wait() only works for processes you've created > with fork(), which requires "proc". There's good reason to allow you to > watch > for a child's exit much later, but without the ability to fork again. > > Also, kevent allows exactly this setup with the same set of pledges. After > calling fork() is when you attach the kevent for the child. Then you drop > "proc" and can continue to receive notifications about child exits. > > Using kevent() in the same way as wait() requires exactly the same pledge.