A slightly different beast:
$ touch abcdabcdabcdabcd.a
$ ktrace growfs abcdabcdabcdabcd.a
Abort trap (core dumped)
$ kdump | tail
63324 growfs CALL mprotect(0xe2b84265000,0x1000,0x1<PROT_READ>)
63324 growfs RET mprotect 0
63324 growfs CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
63324 growfs RET mmap 15591131877376/0xe2e17e09000
63324 growfs CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
63324 growfs RET mmap 15592351502336/0xe2e60929000
63324 growfs CALL ioctl(3,DIOCGDINFO,0xe2e17e09a00)
63324 growfs PLDG ioctl, "ioctl", errno 1 Operation not permitted
63324 growfs PSIG SIGABRT SIG_DFL
63324 growfs NAMI "growfs.core"
Moving the pledge call a bit down will allow growfs to error out with
ENOTTY instead of crashing. As there are other "disklabel" operations,
further down (e.g. in return_disklabel()), keep the "disklabel" pledge.
Index: growfs.c
===================================================================
RCS file: /var/cvs/src/sbin/growfs/growfs.c,v
retrieving revision 1.50
diff -u -p -r1.50 growfs.c
--- growfs.c 17 Mar 2016 05:27:10 -0000 1.50
+++ growfs.c 28 May 2016 20:02:36 -0000
@@ -1767,9 +1767,6 @@ main(int argc, char **argv)
err(1, "%s", device);
}
- if (pledge("stdio disklabel", NULL) == -1)
- err(1, "pledge");
-
/*
* Now we have a file descriptor for our device, fstat() it to
* figure out the partition number.
@@ -1788,6 +1785,9 @@ main(int argc, char **argv)
else
errx(1, "%s: invalid partition number %u",
device, DISKPART(st.st_rdev));
+
+ if (pledge("stdio disklabel", NULL) == -1)
+ err(1, "pledge");
/*
* Check if that partition is suitable for growing a file system.
