[viraptor]

Unfortunately just the new api is not enough. Developers still need to actually use it. When I researched seccomp and got really excited about it, I submitted a patch to memcached to enable a restrictive policy. The patch/pr is still there, months later. If the project doesn't care, no amazing tool is going to help us :-(

[quanticle]

Theo understand that, and that's why he's pushing to get the core OpenBSD userspace tools to use pledge. And hopefully, like many other security innovations, patches will spread from OpenBSD to other operating systems.