The pledge.2 man-page makes use of the incorrect .Ar macro which is not intended for manuals in section 2 as .Fa exists for that purpose. Similar to 1.18 in /cvs/src/lib/libm/man/sqrt.3
Index: pledge.2 =================================================================== RCS file: /cvs/src/lib/libc/sys/pledge.2,v retrieving revision 1.60 diff -u -p -u -p -r1.60 pledge.2 --- pledge.2 17 Jul 2020 16:40:26 -0000 1.60 +++ pledge.2 30 Jun 2021 17:02:04 -0000 @@ -33,9 +33,9 @@ management, read-write operations on fil and networking. In general, these modes were selected by studying the operation of many programs using libc and other such interfaces, and setting -.Ar promises +.Fa promises or -.Ar execpromises . +.Fa execpromises . .Pp Use of .Fn pledge @@ -60,7 +60,7 @@ with the flag. .Pp A -.Ar promises +.Fa promises value of .Qq \& restricts the process to the @@ -72,9 +72,9 @@ with another process. Passing .Dv NULL to -.Ar promises +.Fa promises or -.Ar execpromises +.Fa execpromises specifies to not change the current value. .Pp Some system calls, when allowed, have restrictions applied to them: @@ -136,9 +136,9 @@ and any files below .Pa /usr/share/zoneinfo . .It Fn pledge : Can only reduce permissions for -.Ar promises +.Fa promises and -.Ar execpromises . +.Fa execpromises . .It Xr sysctl 2 : A small set of read-only operations are allowed, sufficient to support: @@ -150,7 +150,7 @@ and system sensor readings. .El .Pp The -.Ar promises +.Fa promises argument is specified as a string, with space separated keywords: .Bl -tag -width "prot_exec" -offset indent .It Va stdio @@ -464,7 +464,7 @@ Coupled with the .Va proc promise, this allows a process to fork and execute another program. If -.Ar execpromises +.Fa execpromises has been previously set the new program begins with those promises, unless setuid/setgid bits are set in which case execution is blocked with .Er EACCES . @@ -596,12 +596,12 @@ Rather than killing the process upon vio Also when .Fn pledge is called with higher -.Ar promises +.Fa promises or -.Ar execpromises , +.Fa execpromises , those changes will be ignored and return success. This is useful when a parent enforces -.Ar execpromises +.Fa execpromises but an execve'd child has a different idea. .El .Sh RETURN VALUES @@ -611,12 +611,12 @@ but an execve'd child has a different id will fail if: .Bl -tag -width Er .It Bq Er EFAULT -.Ar promises +.Fa promises or -.Ar execpromises +.Fa execpromises points outside the process's allocated address space. .It Bq Er EINVAL -.Ar promises +.Fa promises is malformed or contains invalid keywords. .It Bq Er EPERM This process is attempting to increase permissions.