> 2. vmd calls openpty() in the pledged parent whenever a new VM is > started - effectively doing ioctls on post-pledge fds. I will > probably solve this by opening the pty in the non-pledged "priv" > process, and do some additional passing, but then I'll also have to > give up its chroot to access /dev/. > > vmd: ioctl 40287401 post-pledge fd 12 > vmd(51681): syscall 54 "tty"
How about opening PATH_PTMDEV early and keeping it open in a properly protected process; then create pty pairs as required.
