From 48801bec1ef80a97c14ec2c9974300a3e2a7eb21 Mon Sep 17 00:00:00 2001
From: Thomas Voss <mail@thomasvoss.com>
Date: Thu, 31 Oct 2024 12:05:35 +0100
Subject: Work on using pledge() in OpenBSD

---
 src/main.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/main.c b/src/main.c
index e0dd03a..cc001af 100644
--- a/src/main.c
+++ b/src/main.c
@@ -54,8 +54,20 @@ int
 main(int argc, char **argv)
 {
 	mlib_setprogname(argv[0]);
-	setlocale(LC_ALL, "");
 
+	/* TODO: Can we test this in an OpenBSD VM? */
+#if 0 && defined(__OpenBSD__)
+	const char *promises =
+#if GIT_GRAB
+		"stdio rpath prot exec";
+#else
+		"stdio rpath";
+#endif
+	if (pledge("stdio rpath", NULL) == -1)
+		cerr(EXIT_FATAL, "pledge:");
+#endif
+
+	setlocale(LC_ALL, "");
 	if (streq(nl_langinfo(CODESET), "UTF-8")) {
 		lquot = u8"‘";
 		rquot = u8"’";
@@ -367,6 +379,11 @@ getfstream(int globc, char **globv)
 		cerr(EXIT_FATAL, "execvp: git grep -Ilz '':");
 	}
 
+	/* TODO: Can we test this in an OpenBSD VM? */
+#if 0 && defined(__OpenBSD__)
+	if (pledge("stdio rpath") == -1)
+		cerr(EXIT_FATAL, "pledge:");
+#endif
 	close(fds[W]);
 	return fdopen(fds[R], "r");
 }
-- 
cgit v1.2.3