Index: src/sniproxy.c
--- src/sniproxy.c.orig
+++ src/sniproxy.c
@@ -71,6 +71,35 @@ main(int argc, char **argv) {
     rlim_t max_nofiles = 65536;
     int opt;
 
+    #ifdef __OpenBSD__
+    if (unveil("/etc/sniproxy.conf", "r") != 0) {
+	perror("unveil /etc/sniproxy.conf");
+	exit(1);
+	}
+    if (unveil("/var/run/sniproxy.pid", "rwc") != 0) {
+	perror("unveil /var/run/sniproxy.pid");
+	exit(1);
+	}
+    if (unveil("/var/log", "rwc") != 0) {
+	perror("unveil /var/log");
+	exit(1);
+	}
+    if (unveil("/var/www/sockets", "rw") != 0) {
+	perror("unveil /var/www/sockets");
+	exit(1);
+	}
+    if (unveil(NULL, NULL) != 0) {
+	perror("unveil");
+	exit(1);
+	}
+
+    if (pledge("stdio getpw inet dns rpath proc id"
+                " wpath cpath unix", NULL) == -1) {
+    fprintf(stderr, "%s: pledge: %s\n", argv[0], strerror(errno));
+    exit(1);
+    }
+    #endif
+
     while ((opt = getopt(argc, argv, "fc:n:V")) != -1) {
         switch (opt) {
             case 'c':
