On Thu, Nov 05, 2015 at 10:54:32AM +0100, Theo Buehler wrote:
> On Thu, Nov 05, 2015 at 10:42:54AM +0100, Marc Espie wrote:
> > - if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1)
> > + if (pledge("stdio rpath getpw tty proc id ps vminfo", NULL) == -1)
> > err(1, "pledge");
>
> I think both "proc" and "id" are too much: "id" was added to enable
> renicing, but "proc" is good enough for that:
>
> Index: usr.bin/top/top.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/top/top.c,v
> retrieving revision 1.87
> diff -u -p -r1.87 top.c
> --- usr.bin/top/top.c 4 Nov 2015 21:28:27 -0000 1.87
> +++ usr.bin/top/top.c 5 Nov 2015 09:54:04 -0000
> @@ -328,7 +328,7 @@ main(int argc, char *argv[])
> preset_argc = 0;
> } while (i != 0);
>
> - if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1)
> + if (pledge("stdio rpath getpw tty proc ps vminfo", NULL) == -1)
> err(1, "pledge");
>
> /* set constants for username/uid display correctly */
WHAT ? I don't see setpriority in the list of syscalls that proc enables.
