Example: patch(1)


main(int argc, char *argv[])
{
    ... getopt parsing

+   if (pledge("stdio rpath wpath cpath tmppath fattr", NULL)==-1)
+       err(1, "pledge");


- Needs a lot of filesystem access
- but never uses sockets
- doesn't fork... doesn't execve...