From c35bfea1aa298ce0fafaf49bbfd61e6a48a37f88 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Sun, 26 Sep 2021 12:31:03 -0400
Subject: OpenBSD: pledge(2) image

---
 image.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/image.c b/image.c
index 80e2567..3abcc2e 100644
--- a/image.c
+++ b/image.c
@@ -204,11 +204,16 @@ static int streamWrite(void *cookie, const char *buf, int len) {
 
 static void worker(void) {
 	struct kfcgi *fcgi;
-	enum kcgi_err error = khttp_fcgi_init(
+	int error = khttp_fcgi_init(
 		&fcgi, Keys, KeysLen, Pages, PagesLen, PageTile
 	);
 	if (error) errkcgi(EX_CONFIG, error, "khttp_fcgi_init");
 
+#ifdef __OpenBSD__
+	error = pledge("stdio recvfd", NULL);
+	if (error) err(EX_OSERR, "pledge");
+#endif
+
 	for (;;) {
 		struct kreq req;
 		error = khttp_fcgi_parse(fcgi, &req);
@@ -276,6 +281,16 @@ int main(int argc, char *argv[]) {
 	fontLoad(fontPath);
 	tilesMap(dataPath);
 
+#ifdef __OpenBSD__
+	if (kcgi) {
+		int error = pledge("stdio unix sendfd recvfd proc", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	} else {
+		int error = pledge("stdio", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	}
+#endif
+
 #ifdef __FreeBSD__
 	int error = cap_enter();
 	if (error) err(EX_OSERR, "cap_enter");
-- 
cgit 1.4.1