Note pledge(2) replacement.

Actually add the pledge files...

Makefile

@@ -32,7 +32,8 @@ VERSIONS	 = version_0_4_2.xml \
 		   version_0_7_0.xml \
 		   version_0_7_1.xml \
 		   version_0_7_2.xml \
-		   version_0_7_3.xml
+		   version_0_7_3.xml \
+		   version_0_7_4.xml
 TUTORIALXMLS	 = tutorial0.xml \
 		   tutorial1.xml \
 		   tutorial2.xml

index.xml

@@ -274,13 +274,11 @@ int main(void) {
 						mount-point of <i>/dev/systrace</i> isn't mounted <code>nodev</code>!
 					</dd>
 					<dt>
-						<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>
+						<a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2">pledge(2)</a>
 						(<a href="http://www.openbsd.org">OpenBSD</a>)
 					</dt>
 					<dd>
-						This will only work on OpenBSD &#x2265;5.8.
-						(As of this note, this has not been officially released: the system will compile with snapshots,
-						but the function will not register as enabled during configuration.)
+						This will only work on OpenBSD &gt;5.8.
 						It is selected with higher priority over <a
 							href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/systrace.4">systrace(4)</a>
 						on OpenBSD machines.

sandbox-pledge.c

@@ -0,0 +1,50 @@
+/*	$Id$ */
+/*
+ * Copyright (c) 2015 Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_PLEDGE
+
+#include <unistd.h>
+
+#include <stdarg.h>
+
+#include "kcgi.h"
+#include "extern.h"
+
+int
+ksandbox_pledge_init_child(void *arg, enum sandtype type)
+{
+	const char *fl;
+
+	fl = "stdio";
+	if (SAND_CONTROL == type)
+		fl = "stdio unix sendfd recvfd";
+
+	if (-1 == pledge(fl, NULL)) {
+		XWARN("pledge: %s",
+			SAND_CONTROL == type ?
+			"control" : "worker");
+		return(0);
+	}
+	return(1);
+}
+
+#else
+int dummy;
+#endif

test-pledge.c

@@ -0,0 +1,13 @@
+#include <unistd.h>
+
+#include <stdio.h>
+
+int
+main(void)
+{
+	if (-1 == pledge("stdio", NULL)) {
+		perror("pledge");
+		return(1);
+	}
+	return(0);
+}

version_0_7_4.xml

@@ -0,0 +1,14 @@
+<article data-sblg-article="1" data-sblg-tags="version">
+	<header>
+		<h1>0.7.4</h1>
+		<address>Kristaps Dzonsons</address>
+		<time datetime="2015-11-12">2015-11-12</time>
+	</header>
+	<aside>
+		<div>
+			Replace support for tame(2) (which was never enabled in the operating system) with the renamed <a
+				href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2">pledge(2)</a>.
+			From a patch by James Turner&#8212;thank you!
+		</div>
+	</aside>
+</article>