Strengthen the pledge() polyfill

test/libc/calls/access_test.c

@@ -29,6 +29,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(access, efault) {
   ASSERT_SYS(EFAULT, -1, access(0, F_OK));
   if (IsWindows() && !IsAsan()) return;  // not possible

test/libc/calls/chdir_test.c

@@ -24,6 +24,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(chdir, efault) {
   ASSERT_SYS(EFAULT, -1, chdir(0));
   if (IsWindows() && !IsAsan()) return;  // not possible

test/libc/calls/commandv_test.c

@@ -39,6 +39,10 @@ char tmp[PATH_MAX];
 char pathbuf[PATH_MAX];
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 void SetUp(void) {
   static int x;
   mkdir("bin", 0755);

test/libc/calls/dup_test.c

@@ -32,6 +32,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr proc exec", 0);
+}
+
 static textstartup void TestInit(int argc, char **argv) {
   int fd;
   if (argc == 2 && !strcmp(argv[1], "boop")) {

test/libc/calls/execve_test.c

@@ -32,6 +32,11 @@ STATIC_YOINK("zip_uri_support");
 int ws, pid;
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  // TODO(jart): what's up with rhel5 / rhel7?
+  // pledge("stdio rpath wpath cpath fattr proc exec", 0);
+}
+
 bool UsingBinfmtMisc(void) {
   return fileexists("/proc/sys/fs/binfmt_misc/APE");
 }

test/libc/calls/fcntl_test.c

@@ -30,6 +30,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(fcntl_getfl, testRemembersAccessMode) {
   int fd;
   ASSERT_NE(-1, (fd = open("foo", O_CREAT | O_RDWR, 0644)));

test/libc/calls/fileexists_test.c

@@ -23,6 +23,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(fileexists, test) {
   EXPECT_SYS(0, 0, fileexists("doge"));
   EXPECT_SYS(0, 0, isdirectory("doge"));

test/libc/calls/ftruncate_test.c

@@ -31,6 +31,10 @@ int64_t fd;
 struct stat st;
 const char *path;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath", 0);
+}
+
 TEST(ftruncate, test) {
   mkdir("o", 0755);
   mkdir("o/tmp", 0755);

test/libc/calls/getcwd_test.c

@@ -28,6 +28,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath cpath fattr", 0);
+}
+
 TEST(getcwd, test) {
   char buf[PATH_MAX];
   EXPECT_SYS(0, 0, mkdir("subdir", 0755));

test/libc/calls/lseek_test.c

@@ -27,6 +27,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr proc", 0);
+}
+
 TEST(lseek, wat) {
   int fd, pid;
   char buf[8] = {0};

test/libc/calls/mkdir_test.c

@@ -30,6 +30,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 void SetUp(void) {
   errno = 0;
 }

test/libc/calls/open_test.c

@@ -27,6 +27,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(open, efault) {
   ASSERT_SYS(EFAULT, -1, open(0, O_RDONLY));
   if (IsWindows() && !IsAsan()) return;  // not possible

test/libc/calls/pread_test.c

@@ -20,10 +20,13 @@
 #include "libc/sysv/consts/o.h"
 #include "libc/testlib/testlib.h"
 
+int fd;
+char buf[8];
 char testlib_enable_tmp_setup_teardown;
 
-static int fd;
-static char buf[8];
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
 
 TEST(dog, testReadPastEof_returnsZero) {
   EXPECT_NE(-1, (fd = open("a", O_RDWR | O_CREAT | O_TRUNC, 0644)));

test/libc/calls/printargs_test.c

@@ -22,6 +22,10 @@
 #include "libc/testlib/testlib.h"
 #include "libc/x/x.h"
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath tty", 0);
+}
+
 /**
  * @fileoverview platform arguments tool
  *

test/libc/calls/readlinkat_test.c

@@ -32,6 +32,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(readlink, enoent) {
   char buf[32];
   ASSERT_SYS(ENOENT, -1, readlink("doesnotexist", buf, 32));

test/libc/calls/renameat_test.c

@@ -24,6 +24,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(rename, enoent) {
   EXPECT_SYS(ENOENT, -1, rename("foo", ""));
   EXPECT_SYS(ENOENT, -1, rename("", "foo"));

test/libc/calls/seccomp_test.c

@@ -33,6 +33,10 @@
 #include "libc/testlib/testlib.h"
 #include "tool/net/sandbox.h"
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath proc", 0);
+}
+
 // It's been reported that Chromebooks return EINVAL here.
 bool CanUseSeccomp(void) {
   int ws, pid;

test/libc/calls/setitimer_test.c

@@ -30,6 +30,10 @@
 
 bool gotsig;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath", 0);
+}
+
 void OnSigAlrm(int sig, siginfo_t *si, ucontext_t *ctx) {
   EXPECT_EQ(SIGALRM, sig);
   EXPECT_EQ(SIGALRM, si->si_signo);

test/libc/calls/sigaction_test.c

@@ -31,9 +31,12 @@
 #include "third_party/xed/x86.h"
 
 struct sigaction oldsa;
-
 volatile bool gotsigint;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath proc", 0);
+}
+
 void OnSigInt(int sig) {
   CheckStackIsAligned();
   gotsigint = true;

test/libc/calls/signal_test.c

@@ -28,6 +28,10 @@ testonly void OnUsr1(int sig) {
   _exit(0);
 }
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath proc", 0);
+}
+
 TEST(signal, test) {
   ASSERT_NE(SIG_ERR, signal(SIGUSR1, OnUsr1));
   ASSERT_NE(-1, raise(SIGUSR1));

test/libc/calls/sigprocmask_test.c

@@ -28,6 +28,10 @@
 
 volatile int n;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath proc", 0);
+}
+
 void OnSig(int sig, siginfo_t *si, ucontext_t *ctx) {
   ++n;
 }

test/libc/calls/stat_test.c

@@ -36,6 +36,10 @@ STATIC_YOINK("zip_uri_support");
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(stat_010, testEmptyFile_sizeIsZero) {
   struct stat st;
   memset(&st, -1, sizeof(st));

test/libc/calls/symlinkat_test.c

@@ -30,6 +30,10 @@ char testlib_enable_tmp_setup_teardown;
 char p[2][PATH_MAX];
 struct stat st;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(symlink, enoent) {
   ASSERT_SYS(ENOENT, -1, symlink("o/foo", ""));
   ASSERT_SYS(ENOENT, -1, symlink("o/foo", "o/bar"));

test/libc/calls/unlinkat_test.c

@@ -23,6 +23,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(unlink, efault) {
   ASSERT_SYS(EFAULT, -1, unlink(0));
   if (IsWindows() && !IsAsan()) return;  // not possible

test/libc/calls/utimensat_test.c

@@ -29,6 +29,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(utimensat, test) {
   struct stat st;
   struct timespec ts[2] = {

test/libc/calls/writev_test.c

@@ -31,6 +31,10 @@
 
 char testlib_enable_tmp_setup_teardown;
 
+__attribute__((__constructor__)) static void init(void) {
+  pledge("stdio rpath wpath cpath fattr", 0);
+}
+
 TEST(writev, test) {
   int fd;
   char ba[1] = "a";