===================================================================
RCS file: /cvs/mandoc/mandocdb.c,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -p -r1.217 -r1.218
--- mandoc/mandocdb.c	2016/07/09 15:24:19	1.217
+++ mandoc/mandocdb.c	2016/07/12 05:18:38	1.218
@@ -1,4 +1,4 @@
-/*	$Id: mandocdb.c,v 1.217 2016/07/09 15:24:19 schwarze Exp $ */
+/*	$Id: mandocdb.c,v 1.218 2016/07/12 05:18:38 kristaps Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2011-2016 Ingo Schwarze <schwarze@openbsd.org>
@@ -34,6 +34,9 @@
 #include "compat_fts.h"
 #endif
 #include <limits.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
 #include <stddef.h>
 #include <stdio.h>
 #include <stdint.h>
@@ -341,6 +344,13 @@ mandocdb(int argc, char *argv[])
 #if HAVE_PLEDGE
 	if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) {
 		warn("pledge");
+		return (int)MANDOCLEVEL_SYSERR;
+	}
+#endif
+
+#if HAVE_SANDBOX_INIT
+	if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) {
+		warnx("sandbox_init");
 		return (int)MANDOCLEVEL_SYSERR;
 	}
 #endif