I would like to be able to call chroot(2) in a program that uses pledge(2).
The following (untested) patch makes this possible as part of the "rpath" promise.
Does this seem like a reasonable idea? --- sys/kern/kern_pledge.c Thu Jun 29 00:10:07 2017 +++ sys/kern/kern_pledge.c.with_chroot Mon Jul 17 22:32:43 2017 @@ -292,6 +292,7 @@ [SYS_execve] = PLEDGE_EXEC, [SYS_chdir] = PLEDGE_RPATH, + [SYS_chroot] = PLEDGE_RPATH, [SYS_openat] = PLEDGE_RPATH | PLEDGE_WPATH, [SYS_fstatat] = PLEDGE_RPATH | PLEDGE_WPATH, [SYS_faccessat] = PLEDGE_RPATH | PLEDGE_WPATH,