Hi, I noticed that when I try to run /usr/libexec/lockspool directly as root I'm getting Abort trap on my machine:
$ /usr/libexec/lockspool Abort trap $ echo $? 134 And in dmesg I can see plenty of pledge logs: lockspool[73511]: pledge "id", syscall 183 lockspool[94755]: pledge "id", syscall 183 lockspool[38910]: pledge "id", syscall 183 1. Is this reproducible on your end? 2. Is "id" pledge request missing here? https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec/lockspool/lockspool.c?rev=1.21 Latest kdump: 919 lockspool RET stat 0 919 lockspool CALL kbind(0x7f7ffffcb278,24,0xc70598ce16a08728) 919 lockspool RET kbind 0 919 lockspool CALL seteuid(0<"root">) 919 lockspool PLDG seteuid, "id", errno 1 Operation not permitted 919 lockspool PSIG SIGABRT SIG_DFL code <74513776> Seems like seteuid(2) is called... Dawid