Josh Rickmar <[email protected]> wrote:

> I figure that the manpage is probably the more consulted reference,
> and the order that is preferred, so the patch below reorders the
> promise names in pledge.h to match.

The current array was value-sorted (by the bit value) to allow binary
search.  However no code is actually using binary search.  Honestly it
will be hard to maintain this correctly in the future because of the
symbolic names overlaying the bit values.

The order of the manual pages has come up in discussion before.  Some folk
wanted them to be in alphabetic order, but I pushed back, because the order
we use is better for learning incrementally.

So we have 3 orders to consider:  bit order, name order, or man page order.

My gut reaction is to agree -- man page order is the way to go.

Let's wait a little while and see what others say.

side-comment: there is this weird "chown" vs "chownuid" split, which this
mapping table doesn't understand or expose properly, as it cannot be mapped
backwards.  I promised myself I would get back to fixing that years ago and
it seems I dropped it..

> There were three promises which are not documented in pledge(2):
> disklabel, drm, and vmm.  I've just left these at the end.
> 
> diff 3484b12ed58f55deb62bd2fb604ec61c1292c8c7 /usr/src
> blob - 6dce461fadda1a98cbe3508a747c0688a0d548ce
> file + sys/sys/pledge.h
> --- sys/sys/pledge.h
> +++ sys/sys/pledge.h
> @@ -76,42 +76,42 @@ static const struct {
>       uint64_t        bits;
>       const char      *name;
>  } pledgenames[] = {
> +     { PLEDGE_STDIO,         "stdio" },
>       { PLEDGE_RPATH,         "rpath" },
>       { PLEDGE_WPATH,         "wpath" },
>       { PLEDGE_CPATH,         "cpath" },
> -     { PLEDGE_STDIO,         "stdio" },
> +     { PLEDGE_DPATH,         "dpath" },
>       { PLEDGE_TMPPATH,       "tmppath" },
> -     { PLEDGE_DNS,           "dns" },
>       { PLEDGE_INET,          "inet" },
> +     { PLEDGE_MCAST,         "mcast" },
> +     { PLEDGE_FATTR,         "fattr" },
> +     { PLEDGE_CHOWNUID,      "chown" },
>       { PLEDGE_FLOCK,         "flock" },
>       { PLEDGE_UNIX,          "unix" },
> -     { PLEDGE_ID,            "id" },
> -     { PLEDGE_TAPE,          "tape" },
> +     { PLEDGE_DNS,           "dns" },
>       { PLEDGE_GETPW,         "getpw" },
> -     { PLEDGE_PROC,          "proc" },
> -     { PLEDGE_SETTIME,       "settime" },
> -     { PLEDGE_FATTR,         "fattr" },
> -     { PLEDGE_PROTEXEC,      "prot_exec" },
> -     { PLEDGE_TTY,           "tty" },
>       { PLEDGE_SENDFD,        "sendfd" },
>       { PLEDGE_RECVFD,        "recvfd" },
> +     { PLEDGE_TAPE,          "tape" },
> +     { PLEDGE_TTY,           "tty" },
> +     { PLEDGE_PROC,          "proc" },
>       { PLEDGE_EXEC,          "exec" },
> -     { PLEDGE_ROUTE,         "route" },
> -     { PLEDGE_MCAST,         "mcast" },
> -     { PLEDGE_VMINFO,        "vminfo" },
> +     { PLEDGE_PROTEXEC,      "prot_exec" },
> +     { PLEDGE_SETTIME,       "settime" },
>       { PLEDGE_PS,            "ps" },
> -     { PLEDGE_DISKLABEL,     "disklabel" },
> +     { PLEDGE_VMINFO,        "vminfo" },
> +     { PLEDGE_ID,            "id" },
>       { PLEDGE_PF,            "pf" },
> +     { PLEDGE_ROUTE,         "route" },
> +     { PLEDGE_WROUTE,        "wroute" },
>       { PLEDGE_AUDIO,         "audio" },
> -     { PLEDGE_DPATH,         "dpath" },
> -     { PLEDGE_DRM,           "drm" },
> -     { PLEDGE_VMM,           "vmm" },
> -     { PLEDGE_CHOWNUID,      "chown" },
> +     { PLEDGE_VIDEO,         "video" },
>       { PLEDGE_BPF,           "bpf" },
> -     { PLEDGE_ERROR,         "error" },
> -     { PLEDGE_WROUTE,        "wroute" },
>       { PLEDGE_UNVEIL,        "unveil" },
> -     { PLEDGE_VIDEO,         "video" },
> +     { PLEDGE_ERROR,         "error" },
> +     { PLEDGE_DISKLABEL,     "disklabel" },
> +     { PLEDGE_DRM,           "drm" },
> +     { PLEDGE_VMM,           "vmm" },
>       { 0, NULL },
>  };
>  #endif
> 
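Review bot: nothing in the hunk records which order pledgenames[] now follows, so the three entries placed last (disklabel, drm, vmm, just before the `{ 0, NULL }` terminator) look arbitrary to anyone reading only the header. A short comment above `} pledgenames[] = {` would help, stating that entries follow pledge(2) order, that promises not documented there go at the end, and that the table is not sorted by bit value, so any lookup has to be a linear scan up to the NULL name. The added and removed lines balance at 20 each, so this is a pure reorder and no entry is dropped. The `{ PLEDGE_CHOWNUID, "chown" }` line moves unchanged, so the name still differs from the constant it is paired with; a one-line remark on that entry would flag it for the next reader.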
