pledge: without proc, Go programs panic on garbage collection due to tgkill #628
Description
In a simple Go program where I use GOMEMLIMIT=2MiB to force GC, it seems the proc promise is required due to the use of tgkill. Maybe that's fine? It does feel a bit odd since we're not necessary doing fork-y things.
The panic stems from
// signalM sends a signal to mp.
func signalM(mp *m, sig int) {
tgkill(getpid(), int(mp.procid), sig)
}
in https://go.dev/src/runtime/os_linux.go
SIGSYS: bad system call
PC=0x465976 m=1 sigcode=1
goroutine 0 [idle]:
runtime.tgkill(0x1b16b, 0x1b16b, 0x17)
/opt/google/go/src/runtime/sys_linux_amd64.s:182 +0x16 fp=0xc000079ea0 sp=0xc000079e98 pc=0x465976
runtime.signalM(0x855060, 0xc000016400?)
/opt/google/go/src/runtime/os_linux.go:553 +0x4f fp=0xc000079ed0 sp=0xc000079ea0 pc=0x43228f
runtime.preemptM(...)
/opt/google/go/src/runtime/signal_unix.go:385
runtime.preemptone(0xc000079f20?)
/opt/google/go/src/runtime/proc.go:5401 +0x7f fp=0xc000079ef0 sp=0xc000079ed0 pc=0x442f5f
runtime.retake(0x1770606b0ca6)
/opt/google/go/src/runtime/proc.go:5308 +0xa9 fp=0xc000079f30 sp=0xc000079ef0 pc=0x442ca9
runtime.sysmon()
/opt/google/go/src/runtime/proc.go:5250 +0x325 fp=0xc000079fa0 sp=0xc000079f30 pc=0x442b05
runtime.mstart1()
/opt/google/go/src/runtime/proc.go:1425 +0x93 fp=0xc000079fc8 sp=0xc000079fa0 pc=0x43a493
runtime.mstart0()
/opt/google/go/src/runtime/proc.go:1382 +0x79 fp=0xc000079ff8 sp=0xc000079fc8 pc=0x43a3d9
runtime.mstart()
/opt/google/go/src/runtime/asm_amd64.s:390 +0x5 fp=0xc00007a000 sp=0xc000079ff8 pc=0x461e45
This repro was a bit more mangled but it's basically
export GOMEMLIMIT=2MiB
./pledge-tip.com -p 'stdio rpath inet unix' program