===================================================================
RCS file: /cvs/mandoc/mandocdb.c,v
retrieving revision 1.206
retrieving revision 1.207
diff -u -p -r1.206 -r1.207
--- mandoc/mandocdb.c	2015/11/06 16:30:33	1.206
+++ mandoc/mandocdb.c	2015/11/06 17:33:34	1.207
@@ -1,4 +1,4 @@
-/*	$Id: mandocdb.c,v 1.206 2015/11/06 16:30:33 schwarze Exp $ */
+/*	$Id: mandocdb.c,v 1.207 2015/11/06 17:33:34 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2011-2015 Ingo Schwarze <schwarze@openbsd.org>
@@ -337,6 +337,13 @@ mandocdb(int argc, char *argv[])
 	size_t		  j, sz;
 	int		  ch, i;
 
+#if HAVE_PLEDGE
+	if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) {
+		perror("pledge");
+		return (int)MANDOCLEVEL_SYSERR;
+	}
+#endif
+
 	memset(&conf, 0, sizeof(conf));
 	memset(stmts, 0, STMT__MAX * sizeof(sqlite3_stmt *));
 
@@ -410,6 +417,13 @@ mandocdb(int argc, char *argv[])
 	argc -= optind;
 	argv += optind;
 
+#if HAVE_PLEDGE
+	if (nodb && pledge("stdio rpath", NULL) == -1) {
+		perror("pledge");
+		return (int)MANDOCLEVEL_SYSERR;
+	}
+#endif
+
 	if (OP_CONFFILE == op && argc > 0) {
 		warnx("-C: Too many arguments");
 		goto usage;
@@ -435,6 +449,14 @@ mandocdb(int argc, char *argv[])
 			 * The existing database is usable.  Process
 			 * all files specified on the command-line.
 			 */
+#if HAVE_PLEDGE
+			if (!nodb && pledge("stdio rpath wpath cpath fattr flock",
+			    NULL) == -1) {
+				perror("pledge");
+				exitcode = (int)MANDOCLEVEL_SYSERR;
+				goto out;
+			}
+#endif
 			use_all = 1;
 			for (i = 0; i < argc; i++)
 				filescan(argv[i]);