Hi, I ran into a pledge'ing weirdness with Go apps and 'inet'. Go tries to probe available communication options:
https://github.com/golang/go/blob/master/src/net/ipsock_posix.go#L44-L56 The result of which ends up being 'inet' pledged go apps fail with: 'pledge "inet", syscall 105' Removing the "#ifdef notyet"'d IPV6_V6ONLY fixes this issue for me. Discussed with tb, jca and deraadt. OK? Cheers, Aaron Index: kern/kern_pledge.c =================================================================== RCS file: /cvs/src/sys/kern/kern_pledge.c,v retrieving revision 1.223 diff -u -p -r1.223 kern_pledge.c --- kern/kern_pledge.c 12 Oct 2017 15:04:33 -0000 1.223 +++ kern/kern_pledge.c 17 Nov 2017 22:29:54 -0000 @@ -1280,9 +1280,7 @@ pledge_sockopt(struct proc *p, int set, case IPV6_PORTRANGE: case IPV6_RECVPKTINFO: case IPV6_RECVDSTPORT: -#ifdef notyet case IPV6_V6ONLY: -#endif return (0); case IPV6_MULTICAST_IF: case IPV6_MULTICAST_HOPS: -- PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE