> On Mon, Feb 27, 2017 at 10:55:31AM +0100, Reyk Floeter wrote: > > The following diff is not really needed without just yet, but: > > - openening /dev/ptm in advance might allow better pledge in the future > > - customizing "openpty" will allow to do what we need next > > Since openpty(4) is libutil and not libc, it should be fine not using it. > > > > OK? > > > > Replace openpty(3) with local function that uses pre-opened /dev/ptm fd > > > > This allows more flexibility for upcoming changes and better pledge. > > We also didn't use half of the features of libutil's openpty function. > > Additionally, make sure that the ttys are closed correctly on shutdown.
This is related to the change that happened in tmux, when PTM ioctl was locked down in pledge ioctl. The primary purpose of the change, was that review of the PTM ioctl codepaths showed it was a lot of risk to keep in pledge "tty" programs, so it makes sense that some of them get restructured. That means the libutil functions aren't always used. We should consider whether raw ioctl PTMGET in programs is "good" or "bad". vmd is openbsd only, but tmux now has this in the openbsd-specific code. If this goes PTMGET approach goes any further, we should think about a new interface in libutil which hides the ioctl in a differnet way, and convert programs to it. Just a thought..
