From: Dave Voutila <dv@sisu.io>
Subject: tighten vmd pledge in vm process
To: tech@openbsd.org
Date: Thu, 13 Nov 2025 09:11:54 -0500

I removed send/receive support a few months ago. It required being able
to pass an fd to the dump file for the vm process to write guest memory
and hardware state. We shouldn't need recvfd anymore.

Would appreciate some testers to be safe. It works for my local setup,
but I don't use all the bells and whistles.

-dv

diff refs/heads/master refs/heads/vmd-little-diffs
commit - b192115449a518b2322cdea11e94ced2e0244fdc
commit + 3d55590e41dea802f76371c76f45aba5f0617b3b
blob - 1f7a0fdb7921d459bc38cda69ea831da8d31fd69
blob + 3b82d3c9047f966790c9d1c0c98053811f3b0220
--- usr.sbin/vmd/vm.c
+++ usr.sbin/vmd/vm.c
@@ -107,9 +107,8 @@ vm_main(int fd, int fd_vmm)
 	 * stdio - for malloc and basic I/O including events.
 	 * vmm - for the vmm ioctls and operations.
 	 * proc exec - fork/exec for launching devices.
-	 * recvfd - for vm send/recv and sending fd to devices.
 	 */
-	if (pledge("stdio vmm proc exec recvfd", NULL) == -1)
+	if (pledge("stdio vmm proc exec", NULL) == -1)
 		fatal("pledge");

 	/* Receive our vm configuration. */
@@ -282,7 +281,7 @@ start_vm(struct vmd_vm *vm, int fd)
 	init_emulated_hw(vmc, vm->vm_cdrom, vm->vm_disks, nicfds);

 	/* Drop privleges further before starting the vcpu run loop(s). */
-	if (pledge("stdio vmm recvfd", NULL) == -1)
+	if (pledge("stdio vmm", NULL) == -1)
 		fatal("pledge");

 	/*