plegde(2) for apropos(1), help(1), man(1), mandoc(1), and whatis(1):

Always needed: stdio rpath (to open multiple files and for .so)
In addition after starting the pager: tmppath (to clean up the temp files)
In addition before starting the pager: proc exec
Looks good to deraadt@.

diff --git a/usr.bin/mandoc/main.c b/usr.bin/mandoc/main.c
index 07aa682..a74303a 100644 (file)
--- a/usr.bin/mandoc/main.c
+++ b/usr.bin/mandoc/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.153 2015/10/12 00:07:27 schwarze Exp $ */
+/*     $OpenBSD: main.c,v 1.154 2015/10/12 22:41:18 schwarze Exp $ */
 /*
  * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2012, 2014, 2015 Ingo Schwarze <schwarze@openbsd.org>
@@ -135,6 +135,9 @@ main(int argc, char *argv[])
            0 == strncmp(__progname, "makewhatis", 10))
                return mandocdb(argc, argv);
 
+       if (pledge("stdio rpath tmppath proc exec", NULL) == -1)
+               err(1, "pledge");
+
        /* Search options. */
 
        memset(&conf, 0, sizeof(conf));
@@ -274,6 +277,9 @@ main(int argc, char *argv[])
            !isatty(STDOUT_FILENO))
                use_pager = 0;
 
+       if (!use_pager && pledge("stdio rpath", NULL) == -1)
+               err(1, "pledge");
+
        /* Parse arguments. */
 
        if (argc > 0) {
@@ -955,6 +961,8 @@ spawn_pager(struct tag_files *tag_files)
        case 0:
                break;
        default:
+               if (pledge("stdio rpath tmppath", NULL) == -1)
+                       err(1, "pledge");
                return pager_pid;
        }