On Fri, May 04, 2018 at 09:03:38AM +0200, Alexandre Ratchov wrote: > Thanks. The promise list to use audio and/or midi is in the > sio_open(2) man page, so the following seem to be needed: stdio, > audio, rpath, wpath, cpath, unix, inet, dns. > > aucat could be pledged() since the very beginning; imho this makes > sense as the "risky" part is slot_new(), when file headers are parsed. >
Ah! You're right, I've only been able to test this again the local sndiod(8). I moved the inital pledge to the top but kept the one for offline mode. I'm not sure if pledge is meant to be used so far down in a program, but I drop all pledges except stdio and audio once sio_open(2) is finished. Regards, Jesper Wallin Index: aucat.c =================================================================== RCS file: /cvs/src/usr.bin/aucat/aucat.c,v retrieving revision 1.172 diff -u -p -r1.172 aucat.c --- aucat.c 7 Nov 2017 11:39:24 -0000 1.172 +++ aucat.c 4 May 2018 09:41:58 -0000 @@ -14,6 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include <err.h> #include <errno.h> #include <limits.h> #include <poll.h> @@ -1160,6 +1161,8 @@ playrec(char *dev, int mode, int bufsz, if (!dev_open(dev, mode, bufsz, port)) return 0; + if (pledge("stdio audio", NULL) == -1) + err(1, "pledge"); n = sio_nfds(dev_sh); if (dev_mh) n += mio_nfds(dev_mh); @@ -1364,6 +1367,9 @@ main(int argc, char **argv) int n_flag, c; long long pos; + if (pledge("stdio rpath wpath cpath inet unix dns audio", NULL) == -1) + err(1, "pledge"); + vol = 127; dup = 0; bufsz = 0; @@ -1461,6 +1467,8 @@ main(int argc, char **argv) log_puts("both -i and -o required\n"); return 1; } + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); if (!offline()) return 1; } else {