From b0f774585c87158e003e1639d6d0293e5ab60a4c Mon Sep 17 00:00:00 2001
From: Maxim Baz <github@maximbaz.com>
Date: Thu, 12 Apr 2018 23:37:59 +0200
Subject: [PATCH] Declare OpenBSD pledge(2) (#5)

---
 Gopkg.lock         |  2 +-
 main.go            | 14 +++++++++-----
 openbsd/generic.go |  7 +++++++
 openbsd/openbsd.go | 10 ++++++++++
 4 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 openbsd/generic.go
 create mode 100644 openbsd/openbsd.go

diff --git a/Gopkg.lock b/Gopkg.lock
index 0a18e99..fcab5f1 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -25,6 +25,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "f0abeb920368b3b2e50d99f6e5705f0ad6ccd5f7e708f639b6c1fa0820364a22"
+  inputs-digest = "559be3832a82b6c8884ca8103c92b2343135b96374cdf98f6cc294427bd26219"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/main.go b/main.go
index 0e4e6ea..79c4a5a 100644
--- a/main.go
+++ b/main.go
@@ -2,8 +2,10 @@ package main
 
 import (
 	"flag"
+	"fmt"
 	"os"
 
+	"github.com/maximbaz/browserpass-native/openbsd"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -17,16 +19,18 @@ func main() {
 	flag.BoolVar(&version, "version", false, "print version and exit")
 	flag.Parse()
 
+	if version {
+		fmt.Println("Browserpass host app version:", VERSION)
+		os.Exit(0)
+	}
+
+	openbsd.Pledge("stdio rpath proc exec")
+
 	log.SetFormatter(&log.TextFormatter{FullTimestamp: true})
 	if verbose {
 		log.SetLevel(log.DebugLevel)
 	}
 
-	if version {
-		log.Info("Browserpass host app version: ", VERSION)
-		os.Exit(0)
-	}
-
 	log.Debugf("Starting browserpass host app v%v", VERSION)
 	process()
 }
diff --git a/openbsd/generic.go b/openbsd/generic.go
new file mode 100644
index 0000000..495b66d
--- /dev/null
+++ b/openbsd/generic.go
@@ -0,0 +1,7 @@
+// +build !openbsd
+
+package openbsd
+
+// Pledge allowed system calls, available only on OpenBSD systems
+func Pledge(promises string) {
+}
diff --git a/openbsd/openbsd.go b/openbsd/openbsd.go
new file mode 100644
index 0000000..d41d6be
--- /dev/null
+++ b/openbsd/openbsd.go
@@ -0,0 +1,10 @@
+// +build openbsd
+
+package openbsd
+
+import "golang.org/x/sys/unix"
+
+// Pledge allowed system calls
+func Pledge(promises string) {
+	unix.Pledge(promises, nil)
+}