From 92249a3e6a5e4a5040b5a1aff8398c33799d615c Mon Sep 17 00:00:00 2001
From: Stuart Henderson <sthen@users.noreply.github.com>
Date: Mon, 30 Dec 2019 16:37:39 +0000
Subject: [PATCH 1/2] check for existence of pledge()

---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure.ac b/configure.ac
index 085f7d2..a66c673 100644
--- a/configure.ac
+++ b/configure.ac
@@ -31,6 +31,7 @@ AC_DEFINE([HAVE_STAILQ_IN_SYS_QUEUE], [1], [sys/queue.h have STAILQ_])],
 AC_CHECK_PROGS([MARKDOWN], [markdown_py markdown2 markdown], [echo])
 
 AC_CHECK_FUNCS(strlcpy)
+AC_CHECK_FUNCS(pledge)
 
 AC_CHECK_LIB(socket,socket)
 AC_CHECK_LIB(nsl,getaddrinfo)

From e5df35884c56ca1517e22ce036993f8100a032e1 Mon Sep 17 00:00:00 2001
From: Stuart Henderson <sthen@users.noreply.github.com>
Date: Mon, 30 Dec 2019 16:54:44 +0000
Subject: [PATCH 2/2] use pledge() if available

---
 bgpq4.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/bgpq4.c b/bgpq4.c
index 42cf00e..a47e738 100644
--- a/bgpq4.c
+++ b/bgpq4.c
@@ -142,6 +142,13 @@ main(int argc, char* argv[])
 	int widthSet=0, aggregate=0, refine=0, refineLow=0;
 	unsigned long maxlen=0;
 
+#ifdef HAVE_PLEDGE
+	if (pledge("stdio inet dns", NULL) == -1) {
+		sx_report(SX_ERROR, "pledge() failed");
+		exit(1);
+	}
+#endif
+	
 	bgpq_expander_init(&expander,af);
 	if (getenv("IRRD_SOURCES"))
 		expander.sources=getenv("IRRD_SOURCES");