On Fri, Apr 17, 2026 at 11:33:16AM +0100, Stuart Henderson wrote:
> On 2026/04/16 08:25, Matthew Luckie wrote:
> > Hi,
> > 
> > I have written a small program that runs unpriviledged that uses
> > IP_RECVIF to obtain the interface a UDP datagram arrives on.  I would
> > like to be able to pledge("inet stdio") but pledge does not allow
> > IP_RECVIF.  I think it should be able to -- pledge_sockopt() allows
> > the equivalent functionality provided by IPV6_RECVPKTINFO.
> 
> Adding this makes sense to me. While some software using this is able
> to do it during init before pledging (e.g. ripd) that doesn't really
> make sense for simpler software where this might be wanted, and as you
> say, IPV6_RECVPKTINFO is allowed already.

The model of setting IP_RECVIF at init before pledging works for my
current use case as well.  I should have thought more carefully about
that.  So, I don't need the patch to kern_pledge.c given other concern
in this thread.  Sorry for the noise (but hopefully the ip.4 patch is
still useful)