pledge "stdio inet rpath" seems to be enough for a YP environment.

rpath is to access /etc/rpc, and inet to talk to portmap & local world.
ok beck

diff --git a/usr.bin/ypcat/ypcat.c b/usr.bin/ypcat/ypcat.c
index 26f9df7..a87f436 100644 (file)
--- a/usr.bin/ypcat/ypcat.c
+++ b/usr.bin/ypcat/ypcat.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ypcat.c,v 1.16 2015/02/08 23:40:35 deraadt Exp $ */
+/*     $OpenBSD: ypcat.c,v 1.17 2015/10/10 21:08:09 deraadt Exp $ */
 
 /*
  * Copyright (c) 1992, 1993, 1996 Theo de Raadt <deraadt@theos.com>
@@ -88,6 +88,9 @@ main(int argc, char *argv[])
        extern int optind;
        int notrans, c, r, i;
 
+       if (pledge("stdio rpath inet", NULL) == -1)
+               perror("pledge");
+
        notrans = key = 0;
        while ((c=getopt(argc, argv, "xd:kt")) != -1)
                switch (c) {