From a24cb0d90008d19feb7a6611aac704a74178d66d Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 15 Aug 2018 17:56:33 +0200
Subject: [PATCH] Revert "Remove pledge(2) support"

This reverts commit bc3215a8a6188fa0da6d97b4c9319484f599e278.
---
 dnscrypt-proxy/config.go | 3 +++
 dnscrypt-proxy/main.go | 2 ++
 dnscrypt-proxy/pledge_openbsd.go | 15 +++++++++++++++
 dnscrypt-proxy/pledge_others.go | 11 +++++++++++
 4 files changed, 31 insertions(+)
 create mode 100644 dnscrypt-proxy/pledge_openbsd.go
 create mode 100644 dnscrypt-proxy/pledge_others.go
diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index 586435f6..72b212bd 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -193,6 +193,9 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 flag.Parse()
+ if *child {
+ PledgeChild()
+ }
 if *svcFlag == "stop" || *svcFlag == "uninstall" {
 return nil
 }
diff --git a/dnscrypt-proxy/main.go b/dnscrypt-proxy/main.go
index 637876c7..5c25e6b6 100644
--- a/dnscrypt-proxy/main.go
+++ b/dnscrypt-proxy/main.go
@@ -25,6 +25,8 @@ type App struct {
 func main() {
 dlog.Init("dnscrypt-proxy", dlog.SeverityNotice, "DAEMON")
+ Pledge()
+
 pwd, err := os.Getwd()
 if err != nil {
 dlog.Fatal("Unable to find the path to the current directory")
diff --git a/dnscrypt-proxy/pledge_openbsd.go b/dnscrypt-proxy/pledge_openbsd.go
new file mode 100644
index 00000000..6c5ea2ea
--- /dev/null
+++ b/dnscrypt-proxy/pledge_openbsd.go
@@ -0,0 +1,15 @@
+// +build openbsd
+
+package main
+
+import (
+ "golang.org/x/sys/unix"
+)
+
+func Pledge() {
+ unix.Pledge("stdio rpath wpath cpath tmppath inet fattr flock dns getpw sendfd recvfd proc exec id", nil)
+}
+
+func PledgeChild() {
+ unix.Pledge("stdio rpath wpath cpath tmppath inet fattr flock dns recvfd", nil)
+}
diff --git a/dnscrypt-proxy/pledge_others.go b/dnscrypt-proxy/pledge_others.go
new file mode 100644
index 00000000..59178a68
--- /dev/null
+++ b/dnscrypt-proxy/pledge_others.go
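Review bot: In the `config.go` hunk, the `if *child { PledgeChild() }` block has no comment saying why the promise set is narrowed immediately after `flag.Parse()`, and that ordering is presumably what stops the child from processing configuration while it still holds the wider parent promises. A one-line comment above the block would keep it from being moved in a later edit, for example `// Narrow the pledge(2) promises before any configuration is read; keep this ahead of all file and network work.` Whether anything earlier in `ConfigLoad` already touches files cannot be confirmed here, because the function starts and ends outside the hunk.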
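Review bot: Both `unix.Pledge(...)` calls in `pledge_openbsd.go` discard the returned error, so if the call fails the process keeps running without the intended restriction and nothing is logged. The call sites in `main.go` (`Pledge()`) and `config.go` (`PledgeChild()`) inherit the gap, since both wrappers return nothing. Failing closed is the safer default for a sandboxing call: `if err := unix.Pledge(promises, nil); err != nil { dlog.Fatal(err) }`, which needs the `dlog` import that `main.go` already uses. A short comment beside each promise string naming what requires `proc exec id` and `getpw sendfd` in the parent, and `wpath cpath fattr` in the child, would make the set easier to audit and trim later.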
@@ -0,0 +1,11 @@
+// +build !openbsd
+
+package main
+
+func Pledge() {
+
+}
+
+func PledgeChild() {
+
+}
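Review bot: The two empty stubs in `pledge_others.go` have no doc comment, so a reader of `main.go` or `config.go` cannot tell that `Pledge()` and `PledgeChild()` apply no restriction at all on any platform other than OpenBSD. Add comments such as `// Pledge is a no-op on platforms without pledge(2); no process restriction is applied here.` and the equivalent for `PledgeChild`. The blank line inside each body can be dropped as well, leaving `func Pledge() {}`.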