On Thu, Nov 05, 2015 at 10:42:54AM +0100, Marc Espie wrote: > - if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1) > + if (pledge("stdio rpath getpw tty proc id ps vminfo", NULL) == -1) > err(1, "pledge");
I think both "proc" and "id" are too much: "id" was added to enable renicing, but "proc" is good enough for that: Index: usr.bin/top/top.c =================================================================== RCS file: /cvs/src/usr.bin/top/top.c,v retrieving revision 1.87 diff -u -p -r1.87 top.c --- usr.bin/top/top.c 4 Nov 2015 21:28:27 -0000 1.87 +++ usr.bin/top/top.c 5 Nov 2015 09:54:04 -0000 @@ -328,7 +328,7 @@ main(int argc, char *argv[]) preset_argc = 0; } while (i != 0); - if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1) + if (pledge("stdio rpath getpw tty proc ps vminfo", NULL) == -1) err(1, "pledge"); /* set constants for username/uid display correctly */