> This patch forces xclock to read XErrorDB before pledge(). Further
> calls to any of the X error handlers will use the in-memory copy (see
> libX11/src/ErrDes.c:147).

So basically, it primes the in-memory cache. Then the syscall codepaths are avoided later on.

> I'm not yet 100% sure if there are other code paths in libX11/libXt
> that could cause an X application to read files on some events or not.

Indeed. Other failing callpaths could be discovered in the future.

What I am seeing here is the correct "optimistic application" of pledge to a program. It is incremental learning. Now we can look for the next failure in this simple program.

(It would be nice if some folk performed a more academic study of libX11; maybe there are places inside the library where it could pre-cache automatically).

Eventually if the pledge strategy works in xclock, then it can apply to other X programs. This could result in the xterm pledge becoming better.