> I wrote some patches to allow pledging across execs.
> Currently, the exec pledge passes down the process tree.
>
> The initial version simply inherited the current pledge when
> execing with the `pledge("rexec")` promise, but after
> discussing with Theo at EuroBSD, a better design was
> suggested. Because directory pledges are going to be their
> own system call, we can repurpose the second argument of
> pledge as the "exec pledge".
I have a more substantial version of this change, but I am still
iterating the design by studying impact throughout the tree. Not
ready to share widely yet.
