jca 93a5216064 Simpler pledge(2) approach
- always call pledge(2) with a string literal, instead of subtracting
promises from a mutable string.  Makes it easier to see what privileges
remain.

- call pledge(2) later in the initialization, so that we don't need to
care about too many promises, e.g. "flock".

- always use "cpath" in the main process - needed at least if --pidfile
is passed.

Tested in basic setup, started as root with chroot and started as
_hitch, config reload still works.

ok kn@ (maintainer)
2018-05-08 23:22:51 +00:00
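The two styles the commit message contrasts, as an added illustration that is not hitch's code: the promise sets, function names and the `need_flock` flag are assumptions. Off OpenBSD a stand-in `pledge()` records the requested string so the file still builds.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stand-in (assumption): records the request instead of enforcing it. */
static char last_promises[64];
static int pledge(const char *promises, const char *execpromises)
{
    (void)execpromises;
    snprintf(last_promises, sizeof(last_promises), "%s", promises);
    return 0;
}
#endif

/* "Before" style: cut a promise out of a mutable buffer.
 * strstr() would also match a name embedded in a longer one. */
static void drop_promise(char *set, const char *name)
{
    char *p = strstr(set, name);
    size_t n = strlen(name);

    if (p == NULL)
        return;
    if (p[n] == ' ')
        n++;                        /* remove the separator too */
    memmove(p, p + n, strlen(p + n) + 1);
}

static int pledge_by_subtraction(int need_flock)
{
    char set[64] = "stdio rpath cpath flock inet";  /* hypothetical set */

    if (!need_flock)
        drop_promise(set, "flock");
    return pledge(set, NULL);   /* remaining privileges depend on runtime edits */
}

/* "After" style: one literal, called once setup-only promises are no longer needed. */
static int pledge_main_process(void)
{
    return pledge("stdio rpath cpath inet", NULL);  /* hypothetical set */
}

int main(void)
{
    if (pledge_by_subtraction(0) == -1 || pledge_main_process() == -1)
        return 1;
    puts("pledged");
    return 0;
}
```

With the literal form, a reviewer can grep for `pledge(` and read the remaining privileges directly at each call site.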