From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: patch: relax ni_pledge panic
To: Mark Kettenis <mark.kettenis@xs4all.nl>, semarie@kapouay.eu.org, tech@openbsd.org
Date: Thu, 06 Feb 2025 10:55:51 -0700

Martin Pieuchot <mpi@grenadille.net> wrote:

> I'd rather see a rwlock be used to serialized access to the per-process
> data structures.  I don't see any reason to use the single thread API
> for this and I'd rather not spread its usage.  It is already a pain to
> work with.

I don't understand why this is needed.

unveil and pledge are not performance sensitive and called many times.

The single thread API is designed exactly for this.  Adding piles of
low-level deadlock sensitive mutexes and rwlocks doesn't make sense.