From dedcbedc02fee3436925462c797e8f9e306a70b4 Mon Sep 17 00:00:00 2001
From: anton <anton@openbsd.org>
Date: Sun, 19 Feb 2023 18:46:46 +0000
Subject: [PATCH] Make pinsyscall(2) always available for pledged processes.
 Needed by pledge execpromises, as noted by
 regress/sys/kern/pledge/execpromise.

sure deraadt@
---
 sys/kern/kern_pledge.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index e5a8a4dd421..5429af4f854 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.303 2023/02/11 23:22:17 deraadt Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.304 2023/02/19 18:46:46 anton Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -112,6 +112,7 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {
 	[SYS_sendsyslog] = PLEDGE_ALWAYS,	/* stack protector reporting */
 	[SYS_thrkill] = PLEDGE_ALWAYS,		/* raise, abort, stack pro */
 	[SYS_utrace] = PLEDGE_ALWAYS,		/* ltrace(1) from ld.so */
+	[SYS_pinsyscall] = PLEDGE_ALWAYS,
 
 	/* "getting" information about self is considered safe */
 	[SYS_getuid] = PLEDGE_STDIO,
-- 
2.20.1