I imagine it could be used to provide rudimentary sandboxing (running untrusted or partially-trusted code and limiting what it is allowed to access). Let me know if I am mistaken.
On Sun, Apr 10, 2016, at 12:50 PM, Nicholas Marriott wrote: > Hi > > What's the use for this? What program could use it? > > > On Sun, Apr 10, 2016 at 08:48:08AM -0700, Brennan Vincent wrote: > > Subject basically says it all. I think some could find it useful to have > > `pledge` promises optionally persist even after the process calls > > execve. This could, for example, be implemented with an `exec_noreset` > > pledge that gives access to the same syscalls as `exec`, but with this > > restricted behavior. > > > > Is there a good technically reason this can't or shouldn't be done, or > > has it simply not been implemented yet? > >
