Your example is vaguely inprecise enough that I cannot reproduce the failure. If I could, I would ktrace it.
dig is supposed to use SOCK_DNS, and then not bother doing additional stuff. 105 is setsockopt. We would investigate if the setsockopt being done is required, or if it can be removed. After all, the "bind as a library" code remaining no longer needs to serve "daemon functionality". Peter J. Philipp <[email protected]> wrote: > I did a quick grep of dig's pledge: > > ----> > beta$ grep pledge * > dig.c: if (pledge("stdio rpath dns", NULL) == -1) { > dig.c: perror("pledge"); > dig.c: if (pledge("stdio dns", NULL) == -1) { > dig.c: perror("pledge"); > <---- > > and noticed that there is no inet pledge. The problem is when I do > a dig @server +tcp example.com, dig gets killed with an inet pledge > recomendation. > > beta$ dmesg | tail -1 > dig[42760]: pledge "inet", syscall 105 > > I'm aware that dig was only recently upgraded and I don't want to step > on anyones toes. Is there a fix for the dns pledge or an addition to > dig's pledges foreseen? > > Best regards, > -peter >
