Hi all! I'm trying to implement pledge(2) support into kc(1) (in ports) while using it with a Yubikey. So far this is my pledge string: char *pledges = "cpath exec fattr flock proc rpath stdio tty unix wpath";
This covers everything it would do without the Yubikey. But I can't seem to find the proper "promise" that would allow it to use the Yubikey (I've tried adding everything at one point). The application dies with (on -current): Abort trap (core dumped) kc[35302]: pledge "tty", syscall 54 And the trace looks like this: #0 ioctl () at -:3 No locals. #1 0x00000fb51385e600 in libusb_interrupt_transfer () from /usr/local/lib/libusb-1.0.so.1.2 No symbol table info available. #2 0x00000fb513856864 in libusb_get_device_list () from /usr/local/lib/libusb-1.0.so.1.2 No symbol table info available. #3 0x00000fb53bf41e82 in _ykusb_open_device () from /usr/local/lib/libykpers-1.so.0.8 No symbol table info available. #4 0x00000fb53bf408ab in yk_open_key_vid_pid () from /usr/local/lib/libykpers-1.so.0.8 No symbol table info available. #5 0x00000fb25fdac4d9 in kc_ykchalresp () from /home/daniell/kc/kc No symbol table info available. #6 0x00000fb25fd9f293 in main () from /home/daniell/kc/kc No symbol table info available. These are the last couple of line from ktrace: 35302 kc CALL open(0x7f7ffffee1f0,0x2<O_RDWR>) 35302 kc NAMI "/dev/usb0" 35302 kc RET open -1 errno 13 Permission denied 35302 kc CALL kbind(0x7f7ffffede88,24,0x18365a7b5e816bae) 35302 kc RET kbind 0 35302 kc CALL open(0x7f7ffffee1f0,0x2<O_RDWR>) 35302 kc NAMI "/dev/usb1" 35302 kc RET open 7 35302 kc CALL kbind(0x7f7ffffede88,24,0x18365a7b5e816bae) 35302 kc RET kbind 0 35302 kc CALL ioctl(7,USB_DEVICEINFO,0x7f7ffffedf50) 35302 kc PLDG ioctl, "tty", errno 1 Operation not permitted 35302 kc PSIG SIGABRT SIG_DFL 35302 kc NAMI "kc.core" I don't know if this matters, but for even ykinfo(1) (in the ykpers port) to work, I had to: # chmod g+w /dev/usb1 # chmod g+rw /dev/ugen0.00 Could someone hit me with a clue-bat how to pledge for using a Yubikey (or rather, I guess, any USB device?). Thanks in advance, Dani
