prepare userland for removing chroot(2) from allowed syscalls under pledge(2).

for ntpd(8), removing the pledge call is a first step: futher redesign will occurs later. ok reyk@ benno@
8 years ago · 652935dc64
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@ -1,4 +1,4 @@
 /*	$OpenBSD: ntpd.c,v 1.106 2016/02/02 17:51:11 sthen Exp $ */
 /*	$OpenBSD: ntpd.c,v 1.107 2016/05/02 06:25:29 semarie Exp $ */

 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -230,8 +230,10 @@ main(int argc, char *argv[])
 	 * Constraint processes are forked with certificates in memory,
 	 * then privdrop into chroot before speaking to the outside world.
 	 */
 #if 0	
 	if (pledge("stdio rpath inet settime proc id", NULL) == -1)
 		err(1, "pledge");
 #endif

 	while (quit == 0) {
 		new_cnt = PFD_MAX + constraint_cnt;