Userland: Tighten a *lot* of pledges! :^)

Since applications using Core::EventLoop no longer need to create a
socket in /tmp/rpc/, and also don't need to listen for incoming
connections on this socket, we can remove a whole bunch of pledges!

Userland/Applets/Audio/main.cpp

@@ -195,18 +195,13 @@ private:
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     auto window = GUI::Window::construct();
     window->set_has_alpha_channel(true);
     window->set_title("Audio");
@@ -223,7 +218,7 @@ int main(int argc, char** argv)
 
     unveil(nullptr, nullptr);
 
-    if (pledge("stdio recvfd sendfd accept rpath", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applets/ClipboardHistory/main.cpp

@@ -16,14 +16,14 @@
 
 int main(int argc, char* argv[])
 {
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applets/Network/main.cpp

@@ -149,18 +149,13 @@ private:
 
 int main(int argc, char* argv[])
 {
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath fattr unix proc exec", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix proc exec", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath unix proc exec", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (unveil("/res", "r") < 0) {
         perror("unveil");
         return 1;

Userland/Applets/ResourceGraph/main.cpp

@@ -183,14 +183,14 @@ private:
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept proc exec rpath unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd proc exec rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept proc exec rpath", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd proc exec rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/About/main.cpp

@@ -13,14 +13,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Browser/main.cpp

@@ -53,7 +53,7 @@ int main(int argc, char** argv)
         return 1;
     }
 
-    if (pledge("stdio recvfd sendfd accept unix cpath rpath wpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd unix cpath rpath wpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -80,11 +80,6 @@ int main(int argc, char** argv)
         return 1;
     }
 
-    if (pledge("stdio recvfd sendfd accept unix cpath rpath wpath", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (unveil("/home", "rwc") < 0) {
         perror("unveil");
         return 1;

Userland/Applications/Calculator/main.cpp

@@ -18,14 +18,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath accept unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd rpath accept", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Calendar/main.cpp

@@ -22,14 +22,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath accept unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd rpath accept", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/CrashReporter/main.cpp

@@ -101,7 +101,7 @@ static TitleAndText build_cpu_registers(const ELF::Core::ThreadInfo& thread_info
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept cpath rpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd cpath rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -153,7 +153,7 @@ int main(int argc, char** argv)
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Debugger/main.cpp

@@ -172,7 +172,7 @@ int main(int argc, char** argv)
 {
     editor = Line::Editor::construct();
 
-    if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/DisplaySettings/main.cpp

@@ -19,14 +19,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio thread recvfd sendfd rpath accept cpath wpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd rpath cpath wpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio thread recvfd sendfd rpath accept cpath wpath", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd rpath cpath wpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/FileManager/main.cpp

@@ -65,7 +65,7 @@ static bool add_launch_handler_actions_to_menu(RefPtr<GUI::Menu>& menu, const Di
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio thread recvfd sendfd accept unix cpath rpath wpath fattr proc exec sigaction", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd unix cpath rpath wpath fattr proc exec sigaction", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -93,7 +93,7 @@ int main(int argc, char** argv)
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio thread recvfd sendfd accept cpath rpath wpath fattr proc exec unix", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd cpath rpath wpath fattr proc exec unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/FontEditor/main.cpp

@@ -20,14 +20,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd thread rpath accept unix cpath wpath fattr unix", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread rpath unix cpath wpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread rpath cpath wpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -40,7 +40,7 @@ int main(int argc, char** argv)
         return 1;
     }
 
-    if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread rpath cpath wpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Help/main.cpp

@@ -36,18 +36,13 @@
 
 int main(int argc, char* argv[])
 {
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (unveil("/res", "r") < 0) {
         perror("unveil");
         return 1;

Userland/Applications/HexEditor/main.cpp

@@ -13,14 +13,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix cpath wpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath cpath wpath thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath cpath wpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/IRCClient/main.cpp

@@ -14,7 +14,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio inet unix recvfd sendfd cpath rpath fattr wpath cpath", nullptr) < 0) {
+    if (pledge("stdio inet unix recvfd sendfd cpath rpath wpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -26,11 +26,6 @@ int main(int argc, char** argv)
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio inet unix recvfd sendfd rpath wpath cpath", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (unveil("/tmp/portal/lookup", "rw") < 0) {
         perror("unveil");
         return 1;

Userland/Applications/KeyboardMapper/main.cpp

@@ -21,14 +21,14 @@ int main(int argc, char** argv)
     args_parser.add_positional_argument(path, "Keyboard character mapping file.", "file", Core::ArgsParser::Required::No);
     args_parser.parse(argc, argv);
 
-    if (pledge("stdio getkeymap thread rpath accept cpath wpath recvfd sendfd unix fattr", nullptr) < 0) {
+    if (pledge("stdio getkeymap thread rpath cpath wpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio getkeymap thread rpath accept cpath wpath recvfd sendfd", nullptr) < 0) {
+    if (pledge("stdio getkeymap thread rpath cpath wpath recvfd sendfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -50,7 +50,7 @@ int main(int argc, char** argv)
         keyboard_mapper_widget->load_from_system();
     }
 
-    if (pledge("stdio thread rpath accept cpath wpath recvfd sendfd", nullptr) < 0) {
+    if (pledge("stdio thread rpath cpath wpath recvfd sendfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/KeyboardSettings/main.cpp

@@ -25,7 +25,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath accept cpath wpath recvfd sendfd unix fattr proc exec", nullptr) < 0) {
+    if (pledge("stdio rpath cpath wpath recvfd sendfd unix proc exec", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -33,7 +33,7 @@ int main(int argc, char** argv)
     // If there is no command line parameter go for GUI.
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio rpath accept recvfd sendfd proc exec", nullptr) < 0) {
+    if (pledge("stdio rpath recvfd sendfd proc exec", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Magnifier/main.cpp

@@ -15,7 +15,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio cpath rpath recvfd sendfd unix fattr", nullptr) < 0) {
+    if (pledge("stdio cpath rpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/MouseSettings/main.cpp

@@ -15,7 +15,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio cpath rpath recvfd sendfd unix fattr", nullptr) < 0) {
+    if (pledge("stdio cpath rpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Piano/main.cpp

@@ -25,18 +25,13 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio thread rpath accept cpath wpath recvfd sendfd unix fattr", nullptr) < 0) {
+    if (pledge("stdio thread rpath cpath wpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio thread rpath accept cpath wpath recvfd sendfd unix", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     auto audio_client = Audio::ClientConnection::construct();
     audio_client->handshake();
 

Userland/Applications/PixelPaint/main.cpp

@@ -34,14 +34,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio thread recvfd sendfd accept rpath unix wpath cpath fattr", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd rpath unix wpath cpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio thread recvfd sendfd accept rpath wpath cpath", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd rpath wpath cpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/QuickShow/main.cpp

@@ -31,18 +31,13 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept rpath wpath cpath unix fattr thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath wpath cpath unix thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept cpath rpath wpath unix thread", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (!Desktop::Launcher::add_allowed_handler_with_any_url("/bin/QuickShow")) {
         warnln("Failed to set up allowed launch URLs");
         return 1;

Userland/Applications/Run/main.cpp

@@ -12,18 +12,12 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd thread accept cpath rpath wpath unix fattr proc exec", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread cpath rpath wpath unix proc exec", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
-
-    if (pledge("stdio recvfd sendfd thread accept cpath rpath wpath unix proc exec", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     auto window = RunWindow::construct();
 
     window->move_to(12, GUI::Desktop::the().rect().bottom() - GUI::Desktop::the().taskbar_height() - 12 - window->height());

Userland/Applications/SoundPlayer/main.cpp

@@ -20,22 +20,16 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept rpath thread unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath thread unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
-
-    if (pledge("stdio recvfd sendfd accept rpath thread unix", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     auto audio_client = Audio::ClientConnection::construct();
     audio_client->handshake();
 
-    if (pledge("stdio recvfd sendfd accept rpath thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Spreadsheet/main.cpp

@@ -22,14 +22,14 @@
 
 int main(int argc, char* argv[])
 {
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix cpath wpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath fattr unix", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread rpath cpath wpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/SystemMonitor/main.cpp

@@ -103,18 +103,13 @@ int main(int argc, char** argv)
         sched_setparam(0, &param);
     }
 
-    if (pledge("stdio proc recvfd sendfd accept rpath exec unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio proc recvfd sendfd rpath exec unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio proc recvfd sendfd accept rpath exec unix", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (unveil("/etc/passwd", "r") < 0) {
         perror("unveil");
         return 1;

Userland/Applications/Terminal/main.cpp

@@ -229,7 +229,7 @@ static RefPtr<GUI::Window> create_find_window(VT::TerminalWidget& terminal)
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio tty rpath accept cpath wpath recvfd sendfd proc exec unix fattr sigaction", nullptr) < 0) {
+    if (pledge("stdio tty rpath cpath wpath recvfd sendfd proc exec unix sigaction", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -246,7 +246,7 @@ int main(int argc, char** argv)
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio tty rpath accept cpath wpath recvfd sendfd proc exec unix", nullptr) < 0) {
+    if (pledge("stdio tty rpath cpath wpath recvfd sendfd proc exec unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/TextEditor/main.cpp

@@ -15,18 +15,13 @@ using namespace TextEditor;
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread rpath cpath wpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     const char* preview_mode = "auto";
     const char* file_to_edit = nullptr;
     Core::ArgsParser parser;

Userland/Applications/ThemeEditor/main.cpp

@@ -47,14 +47,14 @@ private:
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd thread rpath accept cpath wpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread rpath cpath wpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd thread rpath accept", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd thread rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Applications/Welcome/main.cpp

@@ -12,18 +12,13 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath unix proc accept exec fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix proc exec", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd rpath unix proc accept exec", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     if (unveil("/res", "r") < 0) {
         perror("unveil");
         return 1;

Userland/Demos/CatDog/main.cpp

@@ -17,7 +17,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath wpath cpath accept unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath wpath cpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Demos/Eyes/main.cpp

@@ -30,14 +30,14 @@ int main(int argc, char* argv[])
     args_parser.add_option(grid_columns, "Number of columns in grid (incompatible with --number)", "grid-cols", 'c', "number");
     args_parser.parse(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath unix cpath wpath fattr thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix cpath wpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd accept rpath cpath wpath thread", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath cpath wpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Demos/Screensaver/Screensaver.cpp

@@ -112,7 +112,7 @@ void Screensaver::draw()
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath wpath cpath recvfd sendfd cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Demos/Starfield/Starfield.cpp

@@ -129,7 +129,7 @@ void Starfield::draw()
 int main(int argc, char** argv)
 {
 
-    if (pledge("stdio recvfd sendfd rpath wpath cpath accept unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -151,6 +151,11 @@ int main(int argc, char** argv)
 
     auto app = GUI::Application::construct(argc, argv);
 
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     auto app_icon = GUI::Icon::default_icon("app-screensaver");
     auto window = GUI::Window::construct();
 

Userland/Demos/WidgetGallery/main.cpp

@@ -15,14 +15,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath accept unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd rpath accept", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/DevTools/HackStudio/main.cpp

@@ -40,18 +40,13 @@ static void update_path_environment_variable();
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd tty accept rpath cpath wpath proc exec unix fattr thread unix ptrace", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd tty rpath cpath wpath proc exec unix thread ptrace", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio recvfd sendfd tty accept rpath cpath wpath proc exec fattr thread unix ptrace", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
-
     s_window = GUI::Window::construct();
     s_window->resize(840, 600);
     s_window->set_icon(Gfx::Bitmap::load_from_file("/res/icons/16x16/app-hack-studio.png"));

Userland/DevTools/Inspector/main.cpp

@@ -34,7 +34,7 @@ using namespace Inspector;
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath accept unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -179,7 +179,7 @@ int main(int argc, char** argv)
     window->show();
     remote_process.update();
 
-    if (pledge("stdio recvfd sendfd rpath accept unix", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/DevTools/Playground/main.cpp

@@ -58,14 +58,14 @@ void UnregisteredWidget::paint_event(GUI::PaintEvent& event)
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio thread recvfd sendfd accept cpath rpath wpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd cpath rpath wpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio thread recvfd sendfd accept rpath cpath wpath unix", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd rpath cpath wpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -78,7 +78,7 @@ int main(int argc, char** argv)
         return 1;
     }
 
-    if (pledge("stdio thread recvfd sendfd accept rpath cpath wpath", nullptr) < 0) {
+    if (pledge("stdio thread recvfd sendfd rpath cpath wpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Games/2048/main.cpp

@@ -24,7 +24,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath wpath cpath recvfd sendfd accept cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -46,7 +46,7 @@ int main(int argc, char** argv)
 
     config->sync();
 
-    if (pledge("stdio rpath recvfd sendfd wpath cpath accept", nullptr) < 0) {
+    if (pledge("stdio rpath recvfd sendfd wpath cpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Games/Breakout/main.cpp

@@ -15,7 +15,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd rpath wpath cpath accept unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Games/Chess/main.cpp

@@ -28,7 +28,7 @@ int main(int argc, char** argv)
 
     RefPtr<Core::ConfigFile> config = Core::ConfigFile::get_for_app("Chess");
 
-    if (pledge("stdio rpath accept wpath cpath recvfd sendfd thread proc exec", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd thread proc exec", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Games/Conway/main.cpp

@@ -15,14 +15,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath wpath cpath recvfd sendfd accept cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd cpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio rpath recvfd sendfd accept", nullptr) < 0) {
+    if (pledge("stdio rpath recvfd sendfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Games/Minesweeper/main.cpp

@@ -21,14 +21,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath accept wpath cpath recvfd sendfd unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio rpath accept wpath cpath recvfd sendfd", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Games/Pong/main.cpp

@@ -16,14 +16,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath wpath cpath recvfd sendfd accept cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd cpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio rpath wpath cpath recvfd sendfd accept", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Games/Snake/main.cpp

@@ -19,14 +19,14 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio rpath wpath cpath recvfd sendfd accept cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio rpath wpath cpath recvfd sendfd accept", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath recvfd sendfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/AudioServer/main.cpp

@@ -10,7 +10,7 @@
 
 int main(int, char**)
 {
-    if (pledge("stdio recvfd thread accept rpath wpath cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd thread accept cpath rpath wpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/ChessEngine/main.cpp

@@ -11,7 +11,7 @@
 
 int main()
 {
-    if (pledge("stdio recvfd sendfd accept unix rpath cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd unix rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/Clipboard/main.cpp

@@ -12,15 +12,11 @@
 
 int main(int, char**)
 {
-    if (pledge("stdio recvfd sendfd accept unix rpath cpath fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd accept unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
     Core::EventLoop event_loop;
-    if (pledge("stdio recvfd sendfd unix accept", nullptr) < 0) {
-        perror("pledge");
-        return 1;
-    }
     if (unveil(nullptr, nullptr) < 0) {
         perror("unveil");
         return 1;

Userland/Services/DHCPClient/main.cpp

@@ -20,7 +20,7 @@
 
 int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
 {
-    if (pledge("stdio unix inet cpath rpath fattr", nullptr) < 0) {
+    if (pledge("stdio unix inet cpath rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -43,7 +43,7 @@ int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
     auto ifs = ifs_result.release_value();
     auto client = DHCPv4Client::construct(move(ifs.ready), move(ifs.not_ready));
 
-    if (pledge("stdio inet cpath rpath fattr", nullptr) < 0) {
+    if (pledge("stdio inet cpath rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/EchoServer/main.cpp

@@ -16,7 +16,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio cpath unix fattr inet id accept", nullptr) < 0) {
+    if (pledge("stdio unix inet id accept", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/LookupServer/main.cpp

@@ -12,7 +12,7 @@
 
 int main([[maybe_unused]] int argc, [[maybe_unused]] char** argv)
 {
-    if (pledge("stdio accept unix inet cpath rpath fattr", nullptr) < 0) {
+    if (pledge("stdio accept unix inet rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/NotificationServer/main.cpp

@@ -12,7 +12,7 @@
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept rpath wpath cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd accept rpath unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/RequestServer/main.cpp

@@ -15,7 +15,7 @@
 
 int main(int, char**)
 {
-    if (pledge("stdio inet accept unix rpath cpath fattr sendfd recvfd", nullptr) < 0) {
+    if (pledge("stdio inet accept unix rpath sendfd recvfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/Taskbar/main.cpp

@@ -31,7 +31,7 @@ static NonnullRefPtr<GUI::Menu> build_system_menu();
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio recvfd sendfd accept proc exec rpath unix cpath fattr sigaction", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd proc exec rpath unix sigaction", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -46,7 +46,7 @@ int main(int argc, char** argv)
     // We need to obtain the WM connection here as well before the pledge shortening.
     GUI::WindowManagerServerConnection::the();
 
-    if (pledge("stdio recvfd sendfd accept proc exec rpath", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd proc exec rpath", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/WebServer/main.cpp

@@ -37,7 +37,7 @@ int main(int argc, char** argv)
         return 1;
     }
 
-    if (pledge("stdio accept rpath inet unix cpath fattr", nullptr) < 0) {
+    if (pledge("stdio accept rpath inet unix", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/WebSocket/main.cpp

@@ -12,7 +12,7 @@
 
 int main(int, char**)
 {
-    if (pledge("stdio inet accept unix rpath cpath fattr sendfd recvfd", nullptr) < 0) {
+    if (pledge("stdio inet unix rpath sendfd recvfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -22,7 +22,7 @@ int main(int, char**)
 
     Core::EventLoop event_loop;
     // FIXME: Establish a connection to LookupServer and then drop "unix"?
-    if (pledge("stdio inet accept unix sendfd recvfd", nullptr) < 0) {
+    if (pledge("stdio inet unix sendfd recvfd", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Services/WindowServer/main.cpp

@@ -19,7 +19,7 @@
 
 int main(int, char**)
 {
-    if (pledge("stdio video thread sendfd recvfd accept rpath wpath cpath unix proc fattr sigaction", nullptr) < 0) {
+    if (pledge("stdio video thread sendfd recvfd accept rpath wpath cpath unix proc sigaction", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Userland/Shell/main.cpp

@@ -42,7 +42,7 @@ int main(int argc, char** argv)
     });
 
 #ifdef __serenity__
-    if (pledge("stdio rpath wpath cpath proc exec tty accept sigaction unix fattr", nullptr) < 0) {
+    if (pledge("stdio rpath wpath cpath proc exec tty sigaction unix fattr", nullptr) < 0) {
         perror("pledge");
         return 1;
     }