|
|
|
|
|
|
by justincormack
3880 days ago
|
|
|
I don't see how pledge is different from Capsicum which he criticises on this basis, one it is compiled in you cant disable it. (Incidentally Capsicum does seem to be coming to Linux, albeit slowly, and as a self sandboxing technique it is nice to use). |
|
|
This is addressed in the slides. Capsicum is 5 years old and used in 12 programs because it is difficult to implement. Pledge is 6 months old and used in over 400 programs already.