3 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
9 #define PLEDGE_ALWAYS 0xffffffffffffffffULL
10 #define PLEDGE_RPATH 0x0000000000000001ULL /* allow open for read */
11 #define PLEDGE_WPATH 0x0000000000000002ULL /* allow open for write */
12 #define PLEDGE_CPATH 0x0000000000000004ULL /* allow creat, mkdir, unlink etc */
13 #define PLEDGE_STDIO 0x0000000000000008ULL /* operate on own pid */
14 #define PLEDGE_TMPPATH 0x0000000000000010ULL /* for mk*temp() */
15 #define PLEDGE_DNS 0x0000000000000020ULL /* DNS services */
16 #define PLEDGE_INET 0x0000000000000040ULL /* AF_INET/AF_INET6 sockets */
17 #define PLEDGE_FLOCK 0x0000000000000080ULL /* file locking */
18 #define PLEDGE_UNIX 0x0000000000000100ULL /* AF_UNIX sockets */
19 #define PLEDGE_ID 0x0000000000000200ULL /* allow setuid, setgid, etc */
20 #define PLEDGE_IOCTL 0x0000000000000400ULL /* Select ioctl */
21 #define PLEDGE_GETPW 0x0000000000000800ULL /* YP enables if ypbind.lock */
22 #define PLEDGE_PROC 0x0000000000001000ULL /* fork, waitpid, etc */
23 #define PLEDGE_SETTIME 0x0000000000002000ULL /* able to set/adj time/freq */
24 #define PLEDGE_FATTR 0x0000000000004000ULL /* allow explicit file st_* mods */
25 #define PLEDGE_PROTEXEC 0x0000000000008000ULL /* allow use of PROT_EXEC */
26 #define PLEDGE_TTY 0x0000000000010000ULL /* tty setting */
27 #define PLEDGE_SENDFD 0x0000000000020000ULL /* AF_UNIX CMSG fd sending */
28 #define PLEDGE_RECVFD 0x0000000000040000ULL /* AF_UNIX CMSG fd receiving */
29 #define PLEDGE_EXEC 0x0000000000080000ULL /* execve, child is free of pledge */
30 #define PLEDGE_ROUTE 0x0000000000100000ULL /* routing lookups */
31 #define PLEDGE_MCAST 0x0000000000200000ULL /* multicast joins */
32 #define PLEDGE_VMINFO 0x0000000000400000ULL /* vminfo listings */
33 #define PLEDGE_PS 0x0000000000800000ULL /* ps listings */
34 #define PLEDGE_DISKLABEL 0x0000000002000000ULL /* disklabels */
35 #define PLEDGE_PF 0x0000000004000000ULL /* pf ioctls */
36 #define PLEDGE_AUDIO 0x0000000008000000ULL /* audio ioctls */
37 #define PLEDGE_DPATH 0x0000000010000000ULL /* mknod & mkfifo */
38 #define PLEDGE_DRM 0x0000000020000000ULL /* drm ioctls */
39 #define PLEDGE_VMM 0x0000000040000000ULL /* vmm ioctls */
43 * Bits outside PLEDGE_USERSET are used by the kernel itself
44 * to track program behaviours which have been observed.
46 #define PLEDGE_USERSET 0x0fffffffffffffffULL
47 #define PLEDGE_STATLIE 0x4000000000000000ULL
48 #define PLEDGE_YPACTIVE 0x8000000000000000ULL /* YP use detected and allowed */