Neuter the pledge domain checking for listen, getpeername, and getsockname

also.  The idea is much like rpath is with files, you get an fd and then
you can play with it somewhat.  In the socket space once you have a fd, you
can play with it somewhat.  So you cannot bind, but you can accept.  You
can listen, getpeername, getsockname, and of course set/getsockopt is
somewhat available..  yes, this makes pledge the anti-capsicum, kind of
like salt from Secovlje.. reasoning due to a conversation with tedu

0 files changed, 0 insertions, 0 deletions