thodg/got

diff --git a/libexec/got-index-pack/got-index-pack.c b/libexec/got-index-pack/got-index-pack.c
index a6cace5..db94f5f 100644
--- a/libexec/got-index-pack/got-index-pack.c
+++ b/libexec/got-index-pack/got-index-pack.c
@@ -762,7 +762,14 @@ main(int argc, char **argv)
 	}
 
 	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);
-
+#ifndef PROFILE
+	/* revoke access to most system calls */
+	if (pledge("stdio recvfd", NULL) == -1) {
+		err = got_error_from_errno("pledge");
+		got_privsep_send_error(&ibuf, err);
+		return 1;
+	}
+#endif
 	err = got_privsep_recv_imsg(&imsg, &ibuf, 0);
 	if (err)
 		goto done;