diff --git a/contrib/capsicum-test/capmode.cc b/contrib/capsicum-test/capmode.cc
--- a/contrib/capsicum-test/capmode.cc
+++ b/contrib/capsicum-test/capmode.cc
@@ -594,7 +594,6 @@
 AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
 errno = 0;
 EXPECT_CAPMODE(ptrace_(PTRACE_PEEKDATA_, pid, &pid, NULL));
- EXPECT_CAPMODE(waitpid(pid, NULL, WNOHANG));
 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
 if (verbose) fprintf(stderr, " child finished\n");
 }
diff --git a/lib/libsys/wait.2 b/lib/libsys/wait.2
--- a/lib/libsys/wait.2
+++ b/lib/libsys/wait.2
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 24, 2022
+.Dd August 27, 2024
 .Dt WAIT 2
 .Os
 .Sh NAME
@@ -605,9 +605,13 @@
 .Pp
 The
 .Fn wait
-family of functions will not return a child process created with
+family of functions will only return a child process created with
 .Xr pdfork 2
-unless specifically directed to do so by specifying its process ID.
+if the calling process is not in
+.Xr capsicum 4
+capability mode, and
+.Nm
+has been explicitly given the child's process ID.
 .Sh ERRORS
 The
 .Fn wait
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -1330,6 +1330,18 @@
 return (0);
 }
+ /*
+ * When running in capsicum(4) mode, make wait(2) ignore
+ * processes created with pdfork(2). This is because one can
+ * disown them - by passing their process descriptor to another
+ * process - which means it needs to be prevented from touching
+ * them afterwards.
+ */
+ if (IN_CAPABILITY_MODE(td) && p->p_procdesc != NULL) {
+ PROC_UNLOCK(p);
+ continue;
+ }
+
 nfound++;
 PROC_LOCK_ASSERT(p, MA_OWNED);
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -157,7 +157,7 @@
 int fd
 );
 }
-7 AUE_WAIT4 STD {
+7 AUE_WAIT4 STD|CAPENABLED {
 int wait4(
 int pid,
 _Out_opt_ int *status,
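Review bot: The new capability-mode skip in kern_exit.c is placed after the `return (0); }` path, so if the helper that produces that early return (outside the hunk) can already have reaped a zombie child by the time control reaches this point, a sandboxed process could still collect an exited pdfork(2)'d child by pid while only a still-running one is filtered out; confirm the check runs before any reap, or move it into the matching helper, since the wait.2 text in this same commit promises the child is never returned in capability mode. The rationale in the comment (a descriptor can be handed to another process) is equally true outside capability mode, so it does not explain why the restriction is cap-mode-only; suggest replacing it with `* In capability mode the global PID namespace is off limits: a pdfork(2)'d child is reachable only through its process descriptor, which the sandbox may already have passed on.` Because `nfound` is left untouched, a sandbox whose only children are pdfork(2)'d will presumably get ECHILD rather than blocking, which deserves a sentence in that comment. The enclosing loop (presumably kern_wait6) starts and ends outside the hunk.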
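Review bot: Marking wait4 CAPENABLED exposes a PID-keyed system call to sandboxed processes, and its safety rests entirely on the `p_procdesc` skip added in kern_exit.c together with the loop presumably visiting only the caller's own children; if wait6, which appears to share that kernel path judging by the kern_exit.c hunk, is not also given CAPENABLED in this change, the two entry points now disagree in capability mode, so either flag both or record why wait6 stays disabled. No test in this diff pins the new behaviour: capmode.cc only deletes the old ECAPMODE expectation, so add an expectation that `waitpid(pid, NULL, WNOHANG)` on a pdfork(2)'d child in capability mode fails with ECHILD and that a fork(2)'d child is still reaped. The wait4 definition continues past the end of the hunk.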