Example: ping.c ... open raw socket ... drop setuid ... getopt parsing ... many setsockopt calls + if (options & F_NUMERIC) { + if (pledge("stdio inet", NULL) == -1) + err(1, "pledge"); + } else { + if (pledge("stdio inet dns", NULL) == -1) + err(1, "pledge"); + } [main loop of ping] - unable to open/create in filesystem - can't fork, execve, change uid... - lots of syscalls blocked..