.\" Title: priv_wrapper
.\" Author: Samba Team
.\" Generator: Asciidoctor 2.0.17
-.\" Date: 2022-09-12
+.\" Date: 2022-09-14
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "PRIV_WRAPPER" "1" "2022-09-12" "\ \&" "\ \&"
+.TH "PRIV_WRAPPER" "1" "2022-09-14" "\ \&" "\ \&"
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.ss \n[.ss] 0
.sp
priv_wrapper aims to help running processes which are dropping privileges or are
restricting resources in test environments.
-It can disable chroot, prctl and setrlmit system calls. A disabled call always
+It can disable chroot, prctl, pledge and setrlmit system calls. A disabled call always
succeeds (i.e. returns 0) and does nothing.
+The system call pledge exists only on OpenBSD.
.SH "ENVIRONMENT VARIABLES"
.sp
\fBPRIV_WRAPPER\fP
RLIMIT_RTTIME
RLIMIT_NLIMITS
.sp
+\fBPRIV_WRAPPER_PLEDGE_DISABLE\fP
+.RS 4
+If this is set to \fI1\fP then pledge() system call will be disabled.
+.RE
+.sp
\fBPRIV_WRAPPER_DEBUGLEVEL\fP
.RS 4
If you need to see what is going on in priv_wrapper itself or try to find a
priv_wrapper aims to help running processes which are dropping privileges or are
restricting resources in test environments.
-It can disable chroot, prctl and setrlmit system calls. A disabled call always
+It can disable chroot, prctl, pledge and setrlmit system calls. A disabled call always
succeeds (i.e. returns 0) and does nothing.
+The system call pledge exists only on OpenBSD.
ENVIRONMENT VARIABLES
---------------------
RLIMIT_RTTIME
RLIMIT_NLIMITS
+*PRIV_WRAPPER_PLEDGE_DISABLE*::
+
+If this is set to '1' then pledge() system call will be disabled.
+
*PRIV_WRAPPER_DEBUGLEVEL*::
If you need to see what is going on in priv_wrapper itself or try to find a