commit - 172011266998fb86e8c844c279e246f54b6981e1
commit + 43012d5817071b74fc38aef617a3eb8f2da4a945
blob - f1cf05099aba625e95492a9375bc08baa4bf08fc
blob + 0bfd597accf4b09dfa3552fc715ec1c20c3108b7
--- got/got.c
+++ got/got.c
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil",
+ NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc < 1)
usage_add();
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil",
+ NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc < 1)
usage_remove();
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc < 1)
usage_revert();
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc == 1) {
path = realpath(argv[0], NULL);
if (path == NULL) {
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc != 1)
usage_cherrypick();
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc != 1)
usage_backout();
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (abort_rebase && continue_rebase)
usage_rebase();
else if (abort_rebase || continue_rebase) {