Fairly straightforward pledge for cribbage:
It might fork-exec a pager ($PAGER or more(1)) in instructions()
afterwards only "stdio tty" is needed.
Index: cribbage/crib.c
===================================================================
RCS file: /var/cvs/src/games/cribbage/crib.c,v
retrieving revision 1.18
diff -u -p -r1.18 crib.c
--- cribbage/crib.c 12 Mar 2015 02:19:10 -0000 1.18
+++ cribbage/crib.c 29 Nov 2015 12:42:30 -0000
@@ -49,6 +49,9 @@ main(int argc, char *argv[])
bool playing;
int ch;
+ if(pledge("stdio rpath tty proc exec", NULL) == -1)
+ err(1, "pledge");
+
while ((ch = getopt(argc, argv, "emqr")) != -1)
switch (ch) {
case 'e':
@@ -92,6 +95,8 @@ main(int argc, char *argv[])
mvcur(0, COLS - 1, LINES - 1, 0);
fflush(stdout);
instructions();
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
cbreak();
noecho();
clear();
Index: cribbage/instr.c
===================================================================
RCS file: /var/cvs/src/games/cribbage/instr.c,v
retrieving revision 1.11
diff -u -p -r1.11 instr.c
--- cribbage/instr.c 27 Oct 2009 23:59:24 -0000 1.11
+++ cribbage/instr.c 29 Nov 2015 12:13:21 -0000
@@ -64,7 +64,6 @@ instructions(void)
err(1, "vfork");
/* NOTREACHED */
case 0:
- setgid(getgid());
if (!isatty(1))
pager = "/bin/cat";
else {
