diff --git a/chat.c b/chat.c
index 296c0c4..08848ae 100644
--- a/chat.c
+++ b/chat.c
@@ -122,6 +122,29 @@ static void signalHandler(int signal) {
 signals[signal] = 1;
 }
 
+#ifdef __OpenBSD__
+void openbsd_security() {
+ const char *path = "/";
+ const char *dirs;
+
+ /* config directory */
+ dirs = NULL;
+ path = configPath(&dirs, "");
+ if(unveil(path, "r") == -1)
+ err(1, "can't unveil %s", path);
+
+ /* data directory */
+ dirs = NULL;
+ path = dataPath(&dirs, "");
+ if(unveil(path, "wc") == -1)
+ err(1, "can't unveil %s", path);
+
+ /* restrict system calls to the following categories */
+ if(pledge("inet stdio tty cpath wpath", NULL) == -1)
+ err(1, "can't pledge");
+}
+#endif
+
 int main(int argc, char *argv[]) {
 setlocale(LC_CTYPE, "");
 
@@ -265,6 +288,12 @@ int main(int argc, char *argv[]) {
 fcntl(execPipe[1], F_SETFD, FD_CLOEXEC);
 }
 
+#ifdef __OpenBSD__
+ if(self.restricted) {
+ openbsd_security();
+ }
+#endif
+
 struct pollfd fds[] = {
 { .events = POLLIN, .fd = STDIN_FILENO },
 { .events = POLLIN, .fd = irc },
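Review bot: The promise string in `pledge("inet stdio tty cpath wpath", NULL)` has no `rpath`, although the config directory is unveiled with `"r"` a few lines above it. If any file is opened for reading or stat'ed after this call, the kernel aborts the process; if nothing is, the config unveil grants a view that is never usable and should be dropped. Decide which is intended and make the two agree, for example `pledge("stdio rpath wpath cpath inet tty", NULL)`, and check whether `inet` is still needed once the connection is up. The return values of `configPath` and `dataPath` go straight into `unveil` and into the `%s` of `err`, so a NULL return (if these helpers can produce one; they are not visible here) should be rejected first. Smaller points: declare it `static void openbsd_security(void)` to match `signalHandler`, and drop the unused `"/"` initialiser on `path`.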
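Review bot: Because the call sits behind `if(self.restricted)`, a default run on OpenBSD gets neither unveil nor pledge, and nothing in the hunk says why the sandbox is entered at this particular point in main. A comment such as `/* sandbox after the socket and pipes are set up; nothing past this point may open new paths or resolve names */` would record the ordering constraint, if that is indeed the intent. It is also worth checking that every path taken after this line under restricted mode fits the promise set, since a violation kills the process rather than returning an error. main continues on both sides of the hunk, so later file or network activity cannot be judged from here.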