Sebastien Marie writes:
> For me, you are pledging too early (before initialization).
I agree with everything you said regarding pledge(2) technique, including this statement, but it is worth remembering that the list of promises can be narrowed later with another pledge call. It's very important to get the final steady-state promises right. They should be suitably narrow. But initialization code can be very dangerous too, so a broader list of promises very early in the program can be worth it, if it means the init code runs without some of the big ones like exec. The risk is that someone adds pledge to a new program with a single broad promise, and never narrows it after initialization is over.
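
The two-stage pattern described above, as an added example that is not part of the original message: a broad pledge without exec before init, then a narrow steady-state pledge. The daemon and its promise lists are hypothetical, and the `pledge()` stand-in compiled on systems other than OpenBSD is an assumption that models only the "promises can be dropped, never regained" rule.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stand-in for builds off OpenBSD (assumption, not the real syscall): models
 * only the rule that a later call may drop promises, never add (EPERM). */
static const char *cur;	/* promises in force; NULL before the first call */

static int held(const char *p, size_t n)
{
	for (const char *s = cur; *s; s += strspn(s, " ")) {
		size_t len = strcspn(s, " ");
		if (len == n && strncmp(s, p, n) == 0)
			return 1;
		s += len;
	}
	return 0;
}

static int pledge(const char *promises, const char *execpromises)
{
	(void)execpromises;
	for (const char *s = promises; cur && *s; s += strspn(s, " ")) {
		size_t len = strcspn(s, " ");
		if (len > 0 && !held(s, len)) {
			errno = EPERM;
			return -1;
		}
		s += len;
	}
	cur = promises;	/* keeps the caller's pointer; callers pass literals */
	return 0;
}
#endif

/* Hypothetical daemon: stage 1 precedes all init code (broad, but without
 * exec or proc); stage 2 is the narrow steady state. */
int start_daemon(void)
{
	if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1)
		return -1;
	/* init goes here: read config, open log, resolve and bind */
	return pledge("stdio inet", NULL) == -1 ? -2 : 0;
}

/* After narrowing, asking for exec again must fail. */
int try_regain_exec(void) { return pledge("stdio inet exec", NULL); }

int main(void) { return start_daemon() || try_regain_exec() != -1; }
```

A program that stops after the first call in `start_daemon()` is the risk case from the message: it keeps the broad init-time promises for its whole lifetime.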