yuce / pyopenbsd

Python wrapper for some OpenBSD-specific APIs
BSD 3-Clause "New" or "Revised" License

pledge('', '') always gets the process killed #1

Open dduong42 opened 4 years ago

dduong42 commented 4 years ago

I started to add tests in my fork, and I found that a process calling pledge('', '') always gets killed.

$ python3.8 -c "import openbsd; openbsd.pledge('', '')"
Abort trap (core dumped)

I thought that python might be calling some forbidden syscall at the end of the program, so I tried with os._exit:

$ python3.8 -c "import os; import openbsd; openbsd.pledge('', ''); os._exit(0)"
Abort trap (core dumped)

Same issue. The pledge(2) manual page says that _exit(2) is allowed:

A promises value of "" restricts the process to the _exit(2) system call. This can be used for pure computation operating on memory shared with another process.

dduong42 commented 4 years ago

I investigated with ktrace and kdump, and here is what I found:

$ ktrace python3.8 -c "import os; import openbsd; openbsd.pledge('', ''); os._exit(0)"
Abort trap (core dumped)
$ kdump -f ktrace.out | tail
 11879 python3.8 CALL  futex(0xf3637407600,0x82<FUTEX_WAKE|FUTEX_PRIVATE_FLAG>,1,0,0)
 11879 python3.8 RET   futex 0
 11879 python3.8 CALL  pledge(0xf367a6675c0,0xf367a6675c0)
 11879 python3.8 STRU  promise=""
 11879 python3.8 STRU  execpromise=""
 11879 python3.8 RET   pledge 0
 11879 python3.8 CALL  futex(0xf35caa1ddc0,0x82<FUTEX_WAKE|FUTEX_PRIVATE_FLAG>,1,0,0)
 11879 python3.8 PLDG  futex, "stdio", errno 1 Operation not permitted
 11879 python3.8 PSIG  SIGABRT SIG_DFL
 11879 python3.8 NAMI  "python3.8.core"

It seems that we would always need at least stdio when we call pledge inside a Python process (probably because of the GIL). It might be good to document that somewhere.
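
Added example for this issue (not pyopenbsd's own code): it parses kdump PLDG lines like the ones above to report which promise a killed process was missing, and wraps pledge(2) through ctypes while refusing any promise string without "stdio", so a Python process is not aborted by its own futex calls. The set of runtime promises and the libc lookup via ctypes.CDLL(None) are assumptions.

```python
import ctypes
import os
import re
import sys

# kdump reports a pledge violation on a PLDG line, for example:
#   11879 python3.8 PLDG  futex, "stdio", errno 1 Operation not permitted
PLDG_RE = re.compile(r'PLDG\s+(\w+),\s+"([^"]+)"')

# Promises the interpreter itself relies on: the GIL uses futex(2), which
# pledge files under "stdio" (assumption, based on the kdump trace in this issue).
PYTHON_RUNTIME_PROMISES = {"stdio"}

def missing_promises(kdump_text):
    """Return (syscall, promise) pairs that kdump flagged as pledge violations."""
    return [m.groups() for m in PLDG_RE.finditer(kdump_text)]

def missing_runtime_promises(promises):
    """Return the runtime promises absent from a space-separated promise string."""
    return PYTHON_RUNTIME_PROMISES - set(promises.split())

def pledge(promises, execpromises=None):
    """Reject promise sets that would abort Python, then call pledge(2) from libc."""
    missing = missing_runtime_promises(promises)
    if missing:
        raise ValueError("Python needs %s to survive pledge" % ", ".join(sorted(missing)))
    if not sys.platform.startswith("openbsd"):
        raise OSError("pledge(2) is only available on OpenBSD")
    # None leaves execpromises unchanged, as pledge(2) documents.
    libc = ctypes.CDLL(None, use_errno=True)  # assumption: libc symbols are visible
    libc.pledge.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    libc.pledge.restype = ctypes.c_int
    exec_arg = None if execpromises is None else execpromises.encode()
    if libc.pledge(promises.encode(), exec_arg) != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))

# Constructed sample: the tail of the kdump output quoted in this issue.
SAMPLE_KDUMP = """\
 11879 python3.8 RET   pledge 0
 11879 python3.8 CALL  futex(0xf35caa1ddc0,0x82<FUTEX_WAKE|FUTEX_PRIVATE_FLAG>,1,0,0)
 11879 python3.8 PLDG  futex, "stdio", errno 1 Operation not permitted
 11879 python3.8 PSIG  SIGABRT SIG_DFL
"""

if __name__ == "__main__":
    print(missing_promises(SAMPLE_KDUMP))  # [('futex', 'stdio')]
    print(missing_runtime_promises(""))    # {'stdio'}
```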

yuce commented 4 years ago

Thanks! Could you send a PR for this?