commit 861f3006465e1fe55732efb1052b4e3ddd5474e3
from: Stefan Sperling <stsp@stsp.name>
date: Wed Mar 18 16:13:44 2020 UTC

pledge got-index-pack

commit - 4d0fef1df5fd36438be6d5f1cd6889640ab28c13
commit + 861f3006465e1fe55732efb1052b4e3ddd5474e3
blob - a6cace500399b0016929e88f6e55f865d53c545d
blob + db94f5f3aa5f181c888903b4d1029e4b4bf7db45
--- libexec/got-index-pack/got-index-pack.c
+++ libexec/got-index-pack/got-index-pack.c
@@ -762,7 +762,14 @@ main(int argc, char **argv)
 	}
 
 	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);
-
+#ifndef PROFILE
+	/* revoke access to most system calls */
+	if (pledge("stdio recvfd", NULL) == -1) {
+		err = got_error_from_errno("pledge");
+		got_privsep_send_error(&ibuf, err);
+		return 1;
+	}
+#endif
 	err = got_privsep_recv_imsg(&imsg, &ibuf, 0);
 	if (err)
 		goto done;