I haven't seen much discussion about applying pledge to ports, so I thought I'd find out how people feel about it.
I chose to start with x11/wmii because a) It's no longer officially developed so (other than updating the port to the last release) it's not going to change. b) I might be the only one left who uses it. I've been running it pledged since it was tame. I can see downsides to this such as, ports maintainers not necessarily being involved in the development of the port and having a lower understanding of the code as compared to OBSD developers with base code, or not having the ability to reorganize or change the code in a way that improves it for pledge. Tim. Index: Makefile =================================================================== RCS file: /cvs/ports/x11/wmii/Makefile,v retrieving revision 1.21 diff -u -p -r1.21 Makefile --- Makefile 12 Nov 2015 09:59:41 -0000 1.21 +++ Makefile 20 Nov 2015 22:33:36 -0000 @@ -3,7 +3,7 @@ COMMENT= dynamic window manager DISTNAME= wmii-3.6 -REVISION= 6 +REVISION= 7 CATEGORIES= x11 HOMEPAGE= http://wmii.suckless.org/ cvs server: Diffing patches Index: patches/patch-cmd_wmii_main_c =================================================================== RCS file: patches/patch-cmd_wmii_main_c diff -N patches/patch-cmd_wmii_main_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-cmd_wmii_main_c 20 Nov 2015 22:33:36 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ +--- cmd/wmii/main.c.orig Sun Oct 18 15:10:20 2015 ++++ cmd/wmii/main.c Sun Oct 18 15:10:33 2015 +@@ -408,6 +408,9 @@ main(int argc, char *argv[]) { + WinAttr wa; + int i; + ++ if (pledge("stdio rpath cpath fattr unix proc exec prot_exec", NULL) == -1) ++ err(1, "pledge"); ++ + fmtinstall('r', errfmt); + fmtinstall('C', Cfmt); + Index: patches/patch-cmd_wmiir_c =================================================================== RCS file: patches/patch-cmd_wmiir_c diff -N patches/patch-cmd_wmiir_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-cmd_wmiir_c 20 Nov 2015 22:33:36 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ +--- cmd/wmiir.c.orig Sun Oct 18 15:09:57 2015 ++++ cmd/wmiir.c Sun Oct 18 15:10:44 2015 +@@ -312,6 +312,9 @@ main(int argc, char *argv[]) { + exectab *tab; + int ret; + ++ if (pledge("stdio unix", NULL) == -1) ++ err(1, "pledge"); ++ + fmtinstall('r', errfmt); + + address = getenv("WMII_ADDRESS");
