A slightly different beast: $ touch abcdabcdabcdabcd.a $ ktrace growfs abcdabcdabcdabcd.a Abort trap (core dumped) $ kdump | tail 63324 growfs CALL mprotect(0xe2b84265000,0x1000,0x1<PROT_READ>) 63324 growfs RET mprotect 0 63324 growfs CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 63324 growfs RET mmap 15591131877376/0xe2e17e09000 63324 growfs CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 63324 growfs RET mmap 15592351502336/0xe2e60929000 63324 growfs CALL ioctl(3,DIOCGDINFO,0xe2e17e09a00) 63324 growfs PLDG ioctl, "ioctl", errno 1 Operation not permitted 63324 growfs PSIG SIGABRT SIG_DFL 63324 growfs NAMI "growfs.core"
Moving the pledge call a bit down will allow growfs to error out with ENOTTY instead of crashing. As there are other "disklabel" operations, further down (e.g. in return_disklabel()), keep the "disklabel" pledge.
Index: growfs.c
===================================================================
RCS file: /var/cvs/src/sbin/growfs/growfs.c,v
retrieving revision 1.50
diff -u -p -r1.50 growfs.c
--- growfs.c 17 Mar 2016 05:27:10 -0000 1.50
+++ growfs.c 28 May 2016 20:02:36 -0000
@@ -1767,9 +1767,6 @@ main(int argc, char **argv)
 err(1, "%s", device);
 }
 
- if (pledge("stdio disklabel", NULL) == -1)
- err(1, "pledge");
-
 /*
 * Now we have a file descriptor for our device, fstat() it to
 * figure out the partition number.
@@ -1788,6 +1785,9 @@ main(int argc, char **argv)
 else
 errx(1, "%s: invalid partition number %u", device, DISKPART(st.st_rdev));
+
+ if (pledge("stdio disklabel", NULL) == -1)
+ err(1, "pledge");
 
 /*
 * Check if that partition is suitable for growing a file system.
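Review bot: The relocated `pledge("stdio disklabel", NULL)` call, now placed after the partition-number `errx()`, carries no comment saying why it has to come this late, so a later cleanup could hoist it back above the first DIOCGDINFO and bring back the abort shown in the kdump trace. I would add a line above it such as `/* pledge only after the first label read: DIOCGDINFO on a non-disk fd is killed by pledge instead of failing with ENOTTY */`. The cost of the move is that the fstat() and the label lookup between the two hunks now run unpledged; that code is not visible here, so it should be confirmed that it touches nothing beyond the already-opened descriptor. main() begins before the first hunk and continues past the second.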