> firefox[50499]: pledge "", syscall 203

This is mlock. It is not suitable in a privsep + pledge program.

pledge challenges programs to be narrower and more careful in their system call use for two reasons: upon error they can cause less damage within the filesystem, and upon control fewer kernel subsystems can be reached causing even more grave problems.

My position is that a *user program* should not exclusively reserve a physical resource, as physical resources are supposed to be *shared*.

This probably comes out of a library. The concept is: pull a library written by who knows who, surely full of leaky abstractions and a weak implementation of the rules of behaviour, into a monster program. And hope for a good outcome.

In the greater open source community, every large program and library must use every shiny system call, because that large program is surely the only program running, and when it is running, it is the most important piece of software in the universe.

When you are a pig, resource sharing is a stupid idea, right?

    mlock(0, ~0);

Maybe ls and cat should use mlock? Maybe ksh. How about we just call mlock inside malloc?

I've gone so far as to consider making mlock() as non-root be a NOP, simply return 0.

There is a disease in this source code development industry.