commit 054f3fd48e662b95ddb20d25898866681971de6e
from: Omar Polo <op@omarpolo.com>
date: Thu Aug 25 11:26:48 2022 UTC

pledge and unveil the scripts

commit - a0b3025bee0b61defd97bb1c5b79554a575a47d9
commit + 054f3fd48e662b95ddb20d25898866681971de6e
blob - 4d7d4bb2b4fba82f3c9ceabcd880867744c11493
blob + 64d4d1459c801e681668f29ebab7f82372b840d2
--- mexp
+++ mexp
@@ -6,12 +6,20 @@ use strict;
 use warnings;
 use v5.32;
 
+use OpenBSD::Pledge;
+use OpenBSD::Unveil;
+
 use lib ".";
 use GotMArc qw(san $logo mid2path initpage endpage);
 
 my $outdir = $ENV{'OUTDIR'};
 die 'Set $OUTDIR' unless defined $outdir;
 
+unveil("/usr/local/bin/mshow", "rx") or die "unveil mshow: $!";
+unveil($outdir, "rwc") or die "unveil $outdir: $!";
+unveil(".", "rwc") or die "unveil .: $!";
+pledge("stdio rpath wpath cpath proc exec") or die "pledge: $!";
+
 my $tid;
 while (<>) {
 	chomp;
blob - a3026d77540a89af22fe8b77ef407f09f990e938
blob + ce57a3f1b58798c2ac360b15923cd025a1400baf
--- mkindex
+++ mkindex
@@ -6,6 +6,9 @@ use strict;
 use warnings;
 use v5.32;
 
+use OpenBSD::Pledge;
+use OpenBSD::Unveil;
+
 use lib ".";
 use GotMArc qw($logo san mid2path initpage endpage);
 
@@ -148,6 +151,10 @@ sub entry {
 	entry_raw($tfh, "", @_);
 }
 
+unveil($outdir, "rwc") or die "unveil $outdir: $!";
+unveil(".", "rwc") or die "unveil .: $!";
+pledge("stdio rpath wpath cpath") or die "pledge: $!";
+
 nextfile();
 
 while (<>) {
blob - 0344ba47d0efb157d63ce5dd59bd7e72258d0a17
blob + 1ec5d0c22f62545f0489c646ef13836583023322
--- pe
+++ pe
@@ -6,6 +6,9 @@ use warnings;
 use v5.32;
 use IO::Poll qw(POLLOUT);
 
+use OpenBSD::Pledge;
+use OpenBSD::Unveil;
+
 my $jobs = $ENV{'MAKE_JOBS'} // 1;
 
 my $poll = IO::Poll->new();
@@ -22,6 +25,9 @@ sub process {
 	say $handle $_ foreach @_;
 }
 
+unveil("./mexp", "rx") or die "unveil mexp: $!";
+pledge("stdio proc exec") or die "pledge: $!";
+
 my @thread;
 while (<>) {
 	print; # continue the pipeline