I was surprised to find that ps -O pledge did not list the pledge
promise names in the same order as the pledge(2) manpage. Besides
lacking consistency, this was also making it difficult to quickly find
which promises are not granted to a process which requires most of
them (e.g. chrome).
I figure that the manpage is probably the more-consulted reference,
and that its order is the preferred one, so the patch below reorders
the promise names in pledge.h to match.
There were three promises which are not documented in pledge(2):
disklabel, drm, and vmm. I've just left these at the end.
diff 3484b12ed58f55deb62bd2fb604ec61c1292c8c7 /usr/src
blob - 6dce461fadda1a98cbe3508a747c0688a0d548ce
file + sys/sys/pledge.h
--- sys/sys/pledge.h
+++ sys/sys/pledge.h
@@ -76,42 +76,42 @@ static const struct {
uint64_t bits;
const char *name;
} pledgenames[] = {
+ { PLEDGE_STDIO, "stdio" },
{ PLEDGE_RPATH, "rpath" },
{ PLEDGE_WPATH, "wpath" },
{ PLEDGE_CPATH, "cpath" },
- { PLEDGE_STDIO, "stdio" },
+ { PLEDGE_DPATH, "dpath" },
{ PLEDGE_TMPPATH, "tmppath" },
- { PLEDGE_DNS, "dns" },
{ PLEDGE_INET, "inet" },
+ { PLEDGE_MCAST, "mcast" },
+ { PLEDGE_FATTR, "fattr" },
+ { PLEDGE_CHOWNUID, "chown" },
{ PLEDGE_FLOCK, "flock" },
{ PLEDGE_UNIX, "unix" },
- { PLEDGE_ID, "id" },
- { PLEDGE_TAPE, "tape" },
+ { PLEDGE_DNS, "dns" },
{ PLEDGE_GETPW, "getpw" },
- { PLEDGE_PROC, "proc" },
- { PLEDGE_SETTIME, "settime" },
- { PLEDGE_FATTR, "fattr" },
- { PLEDGE_PROTEXEC, "prot_exec" },
- { PLEDGE_TTY, "tty" },
{ PLEDGE_SENDFD, "sendfd" },
{ PLEDGE_RECVFD, "recvfd" },
+ { PLEDGE_TAPE, "tape" },
+ { PLEDGE_TTY, "tty" },
+ { PLEDGE_PROC, "proc" },
{ PLEDGE_EXEC, "exec" },
- { PLEDGE_ROUTE, "route" },
- { PLEDGE_MCAST, "mcast" },
- { PLEDGE_VMINFO, "vminfo" },
+ { PLEDGE_PROTEXEC, "prot_exec" },
+ { PLEDGE_SETTIME, "settime" },
{ PLEDGE_PS, "ps" },
- { PLEDGE_DISKLABEL, "disklabel" },
+ { PLEDGE_VMINFO, "vminfo" },
+ { PLEDGE_ID, "id" },
{ PLEDGE_PF, "pf" },
+ { PLEDGE_ROUTE, "route" },
+ { PLEDGE_WROUTE, "wroute" },
{ PLEDGE_AUDIO, "audio" },
- { PLEDGE_DPATH, "dpath" },
- { PLEDGE_DRM, "drm" },
- { PLEDGE_VMM, "vmm" },
- { PLEDGE_CHOWNUID, "chown" },
+ { PLEDGE_VIDEO, "video" },
{ PLEDGE_BPF, "bpf" },
- { PLEDGE_ERROR, "error" },
- { PLEDGE_WROUTE, "wroute" },
{ PLEDGE_UNVEIL, "unveil" },
- { PLEDGE_VIDEO, "video" },
+ { PLEDGE_ERROR, "error" },
+ { PLEDGE_DISKLABEL, "disklabel" },
+ { PLEDGE_DRM, "drm" },
+ { PLEDGE_VMM, "vmm" },
{ 0, NULL },
};
#endif
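Review bot: Nothing in the reordered table records that its order now tracks pledge(2), so the next promise added is likely to be appended at the end and the `ps -O pledge` output will drift from the manpage again. A comment ahead of the `PLEDGE_STDIO` entry such as `/* keep in pledge(2) order; undocumented promises last */`, plus `/* not documented in pledge(2) */` before the `PLEDGE_DISKLABEL` line, would make the convention visible to anyone checking a process's promises against the manpage. The added and removed lines carry the same twenty entries, so no promise name is lost or duplicated. Whether any other user of `pledgenames` depends on entry position cannot be told from this hunk, and the array declaration itself begins above it.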