pledge() requests int pledge(const char *request, char *whitepaths[]); pledge requests include: stdio - malloc features + rw rpath wpath cpath tmppath - path "opening" fattr - chmod, utimes -- explicit changes to "fd" modes unix inet - opening of new sockets dns - dns lookusp and such route - route "lookup" features used by routing daemons sendfd - file descriptor sending via sendmsg recvfd - file descriptor receiving via recvmsg getpw - passwd/group file accesses are expected ioctl - only small subset of ioctl features tty - subset of ioctl permitted for tty operations Will be extended slowly, as more needs are found Combinations of these create "subsets of the posix" environment which we consider safe & usable