> As far as my test (the log attached), valgrind seems to work with > "pledge" but not work with "unveil". > > Is there any fundamental problem of valgrind to work with "pledge"?
If unveil causes problems, then that means it is trying to access files. unveil will return ENOENT or EACCES for files which you think exist, but they've become invisible. But pledge is somewhat similar. It also has options to block path access, and they are used in programs throughout our tree. In those instances, rather than the operation failing with an error, the process will get killed hard. So I'm sure there are circumstances it won't work, unless redesigned into the classic "startup code / main loop code" split, where startup has full syscall request capabilities, but it recognizes later "main loop" code could be very lacking.
