Example: cat.c


main(int argc, char *argv[])
{
        int ch;

+       if (pledge("stdio rpath", NULL) == -1)
+               err(1, "pledge");

        [rest of program]

- Restricted to opening existing files, read-only
- Can do things "like stdio"
- Cannot open sockets, pass file descriptors, etc
- Many behaviors curtailed