Hello,

If only rename(2)'ing then it only needs "stdio rpath cpath",
nevertheless if we need to copy to a different partition it also needs
"wpath fattr" for writing and chmod/chown operations, and finally "proc
exec" are needed due to (extracted directly from mv(1)'s man page) ->
"Should the rename(2) call fail because the source and destination are
on different file systems, mv will use cp(1) and rm(1) to accomplish the
move.".

PS: It's not possible to reduce only to "stdio rpath cpath" since
rename(2) happens way before copy() or fastcopy() functions and if it
fails it will call copy() anyway which needs further permissions.

Index: mv.c
===================================================================
RCS file: /cvs/src/bin/mv/mv.c,v
retrieving revision 1.41
diff -u -p -u -r1.41 mv.c
--- mv.c        6 Oct 2015 16:51:15 -0000       1.41
+++ mv.c        16 Nov 2015 18:01:29 -0000
@@ -91,6 +91,9 @@ main(int argc, char *argv[])

        stdin_ok = isatty(STDIN_FILENO);

+       if (pledge("stdio rpath wpath cpath fattr proc exec", NULL) == -1)
+               err(1, "pledge");
+
        /*
         * If the stat on the target fails or the target isn't a directory,
         * try the move.  More than 2 arguments is an error in this case.
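Review bot: the pledge() call added in main() carries no comment explaining why a file-moving utility keeps "proc exec", which are the two broadest promises in the set. The rationale is only in the mail (rename(2) failing across file systems falls back to cp(1) and rm(1)), so a short comment above the call stating that would stop a later reader from trimming the promises and breaking the cross-filesystem path. It may also be worth noting there that the second argument is NULL, so the promise set applies to mv itself only.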
@@ -259,6 +262,9 @@ fastcopy(char *from, char *to, struct st
        static char *bp;
        int nread, from_fd, to_fd;
        int badchown = 0, serrno = 0;
+
+       if (pledge("stdio rpath wpath cpath fattr", NULL) == -1)
+               err(1, "pledge");

        if (!blen) {
                blen = sbp->st_blksize;
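Review bot: the pledge() at the top of fastcopy() drops "proc exec" for the rest of the process, and pledge can only ever reduce promises, never restore them. The static buffer declared just above (static char *bp) and the comment in main() about more than 2 arguments both indicate that this function can be reached once per operand, so after the first regular file is copied this way, a later operand that needs the cp(1)/rm(1) fallback would run without "proc exec" and be killed. Either drop this second pledge and keep only the one in main(), or tighten here only when it is known that no further operand remains to be processed.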
