Hi Sebastien,

Sebastien Marie wrote on Mon, Apr 11, 2016 at 11:18:34AM +0200:
> Comments ? OK schwarze@. You may want to consider the nits below, but my OK doesn't depend on them. By the way, the sysctl(3) manual seems to be lacking information about NET_RT_TABLE, if somebody wants to look into that - but that's not related to this diff. Yours, Ingo > Index: pledge.2 > =================================================================== > RCS file: /cvs/src/lib/libc/sys/pledge.2,v > retrieving revision 1.28 > diff -u -p -r1.28 pledge.2 > --- pledge.2 10 Apr 2016 18:52:07 -0000 1.28 > +++ pledge.2 11 Apr 2016 09:05:09 -0000 > @@ -80,7 +80,8 @@ Only the > and > .Dv FIONBIO > operations are allowed by default. > -Use of the "tty" and "ioctl" promises receive more ioctl requests. > +The "audio", "ioctl", "pf", "route" and "tty" promises permit more ioctl > +requests. A minor nit: We usually add the Oxford comma, like this: The "audio", "ioctl", "pf", "route", and "tty" promises... > .Pp > .It Xr chmod 2 > .It Xr fchmod 2 > @@ -495,6 +496,25 @@ process: > .Xr setrlimit 2 , > .Xr getpriority 2 , > .Xr setpriority 2 . > +.It Va "route" > +Allows a subset of read-only > +.Xr ioctl 2 > +operations on network interfaces: > +.Pp > +.Dv SIOCGIFADDR , > +.Dv SIOCGIFFLAGS , > +.Dv SIOCGIFMETRIC , > +.Dv SIOCGIFGMEMB , > +.Dv SIOCGIFRDOMAIN , > +.Dv SIOCGIFDSTADDR_IN6 , > +.Dv SIOCGIFNETMASK_IN6 , > +.Dv SIOCGNBRINFO_IN6 , > +.Dv SIOCGIFINFO_IN6 , > +.Dv SIOCGIFMEDIA . > +.Pp > +And allows a subset of > +.Xr sysctl 3 > +interfaces for routing table observation. The following might read a bit better: It also allows read access to some .Xr sysctl 3 nodes for inspection of the routing table. > .It Va "pf" > Allows a subset of > .Xr ioctl 2
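Review bot: In the first hunk (@@ -80,7 +80,8), the added sentence names five promises that "permit more ioctl requests" but gives no pointer to where the per-promise request sets are documented. Someone auditing a pledged program needs the exact set, and the second hunk shows that it lives under entries such as .It Va "route", so consider adding a short reference to the promise descriptions below. The promise names in this sentence are also written in plain double quotes while the list entries use .Va; the same markup in both places would be more consistent.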
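Review bot: In the second hunk (@@ -495,6 +496,25), the new "route" entry enumerates every permitted ioctl request but describes the sysctl side only as "a subset of sysctl(3) interfaces", so the manual does not tell a reader which nodes a process holding this promise can still reach. Please name the permitted sysctl nodes the same way the SIOCG* requests are listed, and state that the access is read-only, which the ioctl sentence says explicitly and the sysctl sentence does not.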
