The call bears system call number 108 , which has been the only unchanged part about it since its original introduction to syscalls.master some 3 months prior as sys_tame(int flags), having since hazed its way through multiple incarnations to arrive at the present and more modern-looking sys_pledge(const char *request, const char **paths).
What's it for? Pledge is OpenBSD's answer to capsicum(4) capabilities and libcapsicum from FreeBSD and seccomp(2) from Linux, but done the OpenBSD way — fewer knobs and easier IU for higher adoption. In his presentation, Theo proclaims that "tame() implementation is only 1200 lines of code", and programmes "can use it with 3-10 changes", and that some hundred ones have already been tamed with minimal effort (and are currently pledging).
Some examples include cat , mkdir and patch , which all require merely two lines of code each. The original idea for syscall 108 came from the recent file(1) rewrite, which originally required 300 lines of systrace code to sandbox, which can now be accomplished in merely 4 lines with pledge
The interface has not been declared stable or cross-platform yet, but the mailing list posts and commits do show active adoption within OpenBSD.