On Thu, Apr 07, 2016 at 04:01:52PM -0400, Rob Pierce wrote: > I wasn't sure of where to put it in the list. > > How is this? > > Rob >
Hi, Sorry for the late reply. We have discuted a bit the proper way to document "route" promise. Your diff is a good starting point for "route" promise. The first sentence was reformulated by ingo@, and I have tried to enhance it a bit with description of the behaviour (read-only operations) and mentions sysctls interface for routing table observation. I hope someone more familiar than me with these ioctls and sysctls interfaces for routing will confirm the exactness of the description (or provide a more precise description). I added in Cc people using "route" promise (in dhclient, iked, bgpd, dhcpcd, route6d, rtadvd), which should be competent for that. Comments ? -- Sebastien Marie Index: pledge.2 =================================================================== RCS file: /cvs/src/lib/libc/sys/pledge.2,v retrieving revision 1.28 diff -u -p -r1.28 pledge.2 --- pledge.2 10 Apr 2016 18:52:07 -0000 1.28 +++ pledge.2 11 Apr 2016 09:05:09 -0000 @@ -80,7 +80,8 @@ Only the and .Dv FIONBIO operations are allowed by default. -Use of the "tty" and "ioctl" promises receive more ioctl requests. +The "audio", "ioctl", "pf", "route" and "tty" promises permit more ioctl +requests. .Pp .It Xr chmod 2 .It Xr fchmod 2 @@ -495,6 +496,25 @@ process: .Xr setrlimit 2 , .Xr getpriority 2 , .Xr setpriority 2 . +.It Va "route" +Allows a subset of read-only +.Xr ioctl 2 +operations on network interfaces: +.Pp +.Dv SIOCGIFADDR , +.Dv SIOCGIFFLAGS , +.Dv SIOCGIFMETRIC , +.Dv SIOCGIFGMEMB , +.Dv SIOCGIFRDOMAIN , +.Dv SIOCGIFDSTADDR_IN6 , +.Dv SIOCGIFNETMASK_IN6 , +.Dv SIOCGNBRINFO_IN6 , +.Dv SIOCGIFINFO_IN6 , +.Dv SIOCGIFMEDIA . +.Pp +And allows a subset of +.Xr sysctl 3 +interfaces for routing table observation. .It Va "pf" Allows a subset of .Xr ioctl 2
