hi,
this is pledge() in newsyslog.
please check & test...
and is someone using monitormode, please say so ;)
(oh, and oks?)
diff --git usr.bin/newsyslog/newsyslog.c usr.bin/newsyslog/newsyslog.c
index 761da36..acfd871 100644
--- usr.bin/newsyslog/newsyslog.c
+++ usr.bin/newsyslog/newsyslog.c
@@ -191,11 +191,20 @@ main(int argc, char **argv)
struct pidinfo *pidlist, *pl;
int status, listlen;
char **av;
+
+ if (pledge("stdio rpath wpath cpath fattr exec proc", NULL) == -1)
+ err(1,"pledge");
parse_args(argc, argv);
argc -= optind;
argv += optind;
+ if (noaction && pledge("stdio rpath", NULL) == -1)
+ err(1,"pledge");
+ else if (!monitormode && pledge("stdio rpath wpath cpath fattr proc",
+ NULL) == -1)
+ err(1,"pledge");
+
if (needroot && getuid() && geteuid())
errx(1, "You must be root.");
