> An idea would be to open the fd at init time, which should be early > enough for most cases (i.e. before the first pledge(2) call). Big > drawback is the open fd all the time until program exits.
Keeping a fd open through libc runtime is not going to fly. It isn't just the fragility of it. The risks of misuse are too high.