Skip to content
Ruby Interface to OpenBSD pledge(2) system call
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



pledge exposes OpenBSD's pledge(2) system call to ruby, allowing a program to restrict the types of operations the program can do after that point. Unlike other similar systems, pledge is specifically designed for programs that need to use a wide variety of operations on initialization, but a fewer number after initialization (when user input will be accepted).

pledge(2) is supported on OpenBSD 5.9+. pledge(2) supports a second argument for execpromises on OpenBSD 6.3+.


First, you need to require the library

require 'pledge'

Then you can use Pledge.pledge as the interface to the pledge(2) system call. You pass Pledge.pledge a string containing tokens for the operations you would like to allow (called promises). For example, if you want to give the process the ability to read from the file system, but not write to the file system or allow network access:


To allow read/write filesystem access, but not network access:

Pledge.pledge("rpath wpath cpath")

To allow inet/unix socket access and DNS queries, but not filesystem access:

Pledge.pledge("inet unix dns")

If you want to use pledging in a console application such as irb or pry, you must include the tty promise:

Pledge.pledge("tty rpath")

You can pass a second string argument containing tokens for the operations you would like to allow in spawned processes (called execpromises). To allow spawning processes that have read/write filesystem access only, but not network access:

Pledge.pledge("proc exec rpath", "stdio rpath wpath cpath")

Pledge is a module that extends itself, you can include it in other classes:

Object.send(:include, Pledge)


See the pledge(2) man page for a description of the allowed promises in the strings passed to Pledge.pledge.

Using an unsupported promise will raise an exception. The “stdio” promise is added automatically to the current process's promises, as ruby does not function without it, but it is not added to the execpromises (as you can execute non-ruby programs).

Reporting issues/bugs

This library uses GitHub Issues for tracking issues/bugs:


The source code is on GitHub:

To get a copy:

git clone git://


  • OpenBSD 5.9+

  • ruby 1.8.7+

  • rake-compiler (if compiling)


To build the library from a git checkout, use the compile task.

rake compile

Running the specs

The rake spec task runs the specs. This is also the default rake task. This will compile the library if not already compiled.



Jeremy Evans <>

You can’t perform that action at this time.