oops; several got commands were missing their pledge(2) calls
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
diff --git a/got/got.c b/got/got.c
index f1cf050..0bfd597 100644
--- a/got/got.c
+++ b/got/got.c
@@ -2493,6 +2493,11 @@ cmd_add(int argc, char *argv[])
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil",
+ NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc < 1)
usage_add();
@@ -2587,6 +2592,11 @@ cmd_remove(int argc, char *argv[])
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil",
+ NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc < 1)
usage_remove();
@@ -2688,6 +2698,11 @@ cmd_revert(int argc, char *argv[])
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc < 1)
usage_revert();
@@ -2935,6 +2950,11 @@ cmd_commit(int argc, char *argv[])
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc == 1) {
path = realpath(argv[0], NULL);
if (path == NULL) {
@@ -3053,6 +3073,11 @@ cmd_cherrypick(int argc, char *argv[])
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc != 1)
usage_cherrypick();
@@ -3163,6 +3188,11 @@ cmd_backout(int argc, char *argv[])
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (argc != 1)
usage_backout();
@@ -3458,6 +3488,11 @@ cmd_rebase(int argc, char *argv[])
argc -= optind;
argv += optind;
+#ifndef PROFILE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd "
+ "unveil", NULL) == -1)
+ err(1, "pledge");
+#endif
if (abort_rebase && continue_rebase)
usage_rebase();
else if (abort_rebase || continue_rebase) {