> I should also clarify a bit. wait() only works for processes you've created
> with fork(), which requires "proc". There's good reason to allow you to watch
> for a child's exit much later, but without the ability to fork again.

That's right. During development of pledge, we found many instances where a parent creates a child, then both of them pledge narrowly. Imagine the parent goes to "stdio", but still wants to observe termination of the child, and perform some very small action afterwards. It is a common pattern, so waitpid(2) is serviced normally in "stdio".

> Also, kevent allows exactly this setup with the same set of pledges. After
> calling fork() is when you attach the kevent for the child. Then you drop
> "proc" and can continue to receive notifications about child exits.
>
> Using kevent() in the same way as wait() requires exactly the same pledge.

Only a subset of kqueue/kevent behaviours are allowed in "stdio" -- basically the poll/select equivalent behaviours exposed by libevent. That kind of thing occurs in around 60 base programs (sometimes in 2-3x separate event loops due to privsep, sometimes done by hand rather than using libevent). In the future if we encounter risky behaviours of kqueue/kevent which are not critical for "stdio" programs, they may also get blocked.
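
Added example, not part of the original message and not OpenBSD's own code: a minimal C sketch of the pattern discussed above, where a parent forks, both sides pledge narrowly, and the parent still reaps the child with waitpid(2) under "stdio". The helper name `spawn_pledge_and_reap` is hypothetical, and the no-op `pledge()` stand-in for non-OpenBSD builds is an assumption made only so the sketch compiles elsewhere.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: stand-in so the sketch builds off OpenBSD; it restricts nothing. */
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises;
	return 0;
}
#endif

/* Hypothetical helper: fork a worker, narrow both sides, reap the worker.
 * Returns the worker's exit status, or -1 on error or abnormal termination. */
int spawn_pledge_and_reap(int child_status)
{
	int status;
	pid_t pid;

	fflush(NULL);			/* do not duplicate buffered output */
	pid = fork();			/* the last point where "proc" is needed */
	if (pid == -1)
		return -1;
	if (pid == 0) {
		/* Child narrows itself before doing its work. */
		if (pledge("stdio", NULL) == -1)
			_exit(127);
		_exit(child_status);
	}
	/* Parent drops "proc": it can no longer fork again. */
	if (pledge("stdio", NULL) == -1)
		return -1;
	/* waitpid(2) is still serviced in "stdio", so the exit is observed. */
	while (waitpid(pid, &status, 0) == -1)
		if (errno != EINTR)
			return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	int rc = spawn_pledge_and_reap(7);	/* constructed exit status */

	printf("child exited with status %d\n", rc);
	return rc == 7 ? 0 : 1;
}
```

On OpenBSD, a second call to the helper in the same process would be killed at fork(), since "proc" has already been dropped.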