From: Mike Larkin <mlarkin@nested.page>
Subject: Re: tighten vmd pledge in vm process
To: Dave Voutila <dv@sisu.io>
Cc: tech@openbsd.org
Date: Sun, 16 Nov 2025 18:17:49 -0800

On Thu, Nov 13, 2025 at 09:11:54AM -0500, Dave Voutila wrote:
> I removed send/receive support a few months ago. It required being able
> to pass an fd to the dump file for the vm process to write guest memory
> and hardware state. We shouldn't need recvfd anymore.
>
> Would appreciate some testers to be safe. It works for my local setup,
> but I don't use all the bells and whistles.
>
> -dv
>

ok mlarkin if not already taken care of

> diff refs/heads/master refs/heads/vmd-little-diffs
> commit - b192115449a518b2322cdea11e94ced2e0244fdc
> commit + 3d55590e41dea802f76371c76f45aba5f0617b3b
> blob - 1f7a0fdb7921d459bc38cda69ea831da8d31fd69
> blob + 3b82d3c9047f966790c9d1c0c98053811f3b0220
> --- usr.sbin/vmd/vm.c
> +++ usr.sbin/vmd/vm.c
> @@ -107,9 +107,8 @@ vm_main(int fd, int fd_vmm)
>  	 * stdio - for malloc and basic I/O including events.
>  	 * vmm - for the vmm ioctls and operations.
>  	 * proc exec - fork/exec for launching devices.
> -	 * recvfd - for vm send/recv and sending fd to devices.
>  	 */
> -	if (pledge("stdio vmm proc exec recvfd", NULL) == -1)
> +	if (pledge("stdio vmm proc exec", NULL) == -1)
>  		fatal("pledge");
>
>  	/* Receive our vm configuration. */
> @@ -282,7 +281,7 @@ start_vm(struct vmd_vm *vm, int fd)
>  	init_emulated_hw(vmc, vm->vm_cdrom, vm->vm_disks, nicfds);
>
>  	/* Drop privleges further before starting the vcpu run loop(s). */
> -	if (pledge("stdio vmm recvfd", NULL) == -1)
> +	if (pledge("stdio vmm", NULL) == -1)
>  		fatal("pledge");
>
>  	/*
>