On Sun, May 06, 2018 at 11:25:19AM +0200, Alexandre Ratchov wrote: > On Fri, May 04, 2018 at 05:31:22PM +0200, Theo Buehler wrote: > > On Fri, May 04, 2018 at 09:03:38AM +0200, Alexandre Ratchov wrote: > > > On Thu, May 03, 2018 at 09:48:13PM +0200, Jesper Wallin wrote: > > > > Hi all, > > > > > > > > I just noticed that aucat(1) is missing pledge. However, I'm aware that > > > > aucat(1) is talking to sndiod(8), which is being pledged properly. But > > > > seeing that programs like yes(1) is properly pledged, I don't see any > > > > reason not to pledge aucat(1) as well, unless I'm missing something > > > > obvious. > > > > > > > > > > Thanks. The promise list to use audio and/or midi is in the > > > sio_open(2) man page, so the following seem to be needed: stdio, > > > audio, rpath, wpath, cpath, unix, inet, dns. > > > > > > aucat could be pledged() since the very beginning; imho this makes > > > sense as the "risky" part is slot_new(), when file headers are parsed. > > > > > > > While the last submitted patch looks correct to me, I wonder (rather > > naively) if it would be possible to refactor in such a way that > > slot_new() is called only after or from within dev_open(), so we can > > drop the promises at least to "stdio rpath wpath cpath audio" at the > > point where slot_new() is called for the -i or -o options. > > slot_new() is used to determine device parameters, which are used to > call dev_open(), so it must be called first. > > The only way to do this is to save the list of files and then open the > device, then parse file headers, then configure the device. This is > not trivial. >
Ok, thanks for the explanation. In that case, the proposed diff is ok tb
