pledge() requests


int pledge(const char *request, char *whitepaths[]);

pledge requests include:

stdio - malloc features + rw
rpath wpath cpath tmppath - path "opening"
fattr - chmod, utimes -- explicit changes to "fd" modes 
unix inet - opening of new sockets
dns - dns lookusp and such
route - route "lookup" features used by routing daemons
sendfd - file descriptor sending via sendmsg
recvfd - file descriptor receiving via recvmsg
getpw - passwd/group file accesses are expected
ioctl - only small subset of ioctl features
tty - subset of ioctl permitted for tty operations

Will be extended slowly, as more needs are found

Combinations of these create "subsets of the posix" environment
which we consider safe & usable