sys: add OpenBSD support

Add OpenBSD support, including pledge(2) support by implementing
SYS_EnableSystemCallFilter().

This commit depends on the addition of AdjustFreq() privops and the
addtion of invoking SYS_EnableSystemCallFilter() from PRV_StartHelper().

Only system call filter levels on/off' are supported. Setting level
to 0 disables the filter and setting it to 1 enables it.

Update the documentation to reflect that OpenBSD supports:
- the SCHED_FIFO real-time scheduler (option -P)
- locking chronyd into memory (option -m)
- reload sample history of servers and ref clocks (option -r)
- forking into two process when run as non-root user (option -u)
- maxdrift/maxslewrate of 100000.

configure

@@ -234,6 +234,7 @@ try_libcap=-1
 try_clockctl=0
 feat_scfilter=0
 try_seccomp=-1
+try_pledge=0
 priv_ops=""
 feat_ipv6=1
 feat_phc=1
@@ -447,6 +448,18 @@ case $OPERATINGSYSTEM in
         add_def NETBSD
         echo "Configuring for $SYSTEM"
     ;;
+    OpenBSD)
+        EXTRA_OBJECTS="sys_generic.o sys_openbsd.o sys_posix.o"
+        try_setsched=1
+        try_lockmem=1
+        try_pledge=1
+        add_def OPENBSD
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIME ADJUSTFREQ SETTIME"
+        fi
+        echo "Configuring for $SYSTEM"
+    ;;
     Darwin)
         EXTRA_OBJECTS="sys_macosx.o"
         LIBS="$LIBS -lresolv"
@@ -812,6 +825,12 @@ then
   EXTRA_OBJECTS="$EXTRA_OBJECTS sys_linux_scmp.o"
 fi
 
+if [ $feat_scfilter = "1" ] && [ $try_pledge = "1" ] && \
+  test_code 'pledge()' 'unistd.h' '' '' 'pledge("stdio", NULL);'
+then
+  add_def FEAT_SCFILTER
+fi
+
 if [ "x$priv_ops" != "x" ]; then
   EXTRA_OBJECTS="$EXTRA_OBJECTS privops.o"
   add_def PRIVOPS_HELPER