Moving this to bugs@,
On Thu, Nov 20, 2025 at 06:58:31AM +0000, Jason McIntyre wrote:
> hi!
>
> upgrading to the latest -current snap, amd64. running daily(8):
>
> calendar[87882]: pledge "cpath", syscall 136
>
> syscall 136 seems to be "mkdir". i can't work out which script is
> generating the warning though. it doesn;t seem to be security(8).
>
> the structure of my calendar files are pretty much unchanged for a
> long time. my ~/.calendar/calendar just lists some includes, but
> nothing i can see that might try to create a directory.
As spotted by tb@ the change is related to the addition of
setusercontext(LOGIN_SETXDGENV) and its use by default in
LOGIN_SETALL. I doubt that calendar file processing will ever need
the XDG_RUNTIME_DIR env variable to run, so the diff below removes
LOGIN_SETXDGENV from the flags used. In other contexts, adding
"wpath" may be the right thing do do.
As far as I am concerned this doesn't call for dropping
LOGIN_SETXDGENV from LOGIN_SETALL by default.
Issue reproduced with an empty ~/calendar file, can't reproduce with
the diff below. jmc, does this fix your problem?
ok?
Index: calendar.c
===================================================================
RCS file: /cvs/src/usr.bin/calendar/calendar.c,v
diff -u -p -r1.37 calendar.c
--- calendar.c 1 Feb 2019 16:22:53 -0000 1.37
+++ calendar.c 22 Nov 2025 12:58:55 -0000
@@ -193,7 +193,8 @@ main(int argc, char *argv[])
(void)setpgid(getpid(), getpid());
(void)setlocale(LC_ALL, "");
if (setusercontext(NULL, pw, pw->pw_uid,
- LOGIN_SETALL ^ LOGIN_SETLOGIN))
+ LOGIN_SETALL &
+ ~(LOGIN_SETLOGIN|LOGIN_SETXDGENV)))
err(1, "unable to set user context (uid
%u)",
pw->pw_uid);
if (acstat) {
--
jca
