by protomyth 3483 days ago
Which projects are doing this with SELinux?

I haven't followed SELinux in a while. I recall Tresys made tools with dialog boxes to make it about as easy as Windows firewalls. A quick Google leads me to Lobster being an example of what I was thinking of:

https://selinuxproject.org/files/2008_selinux_developer_summ...

Given how fast pledge was able to be put into production, I think it was the right move. I get SELinux can and has (2008) had tools for this, but it really doesn't seem to have caught on.

SELinux was a demonstrator of Type Enforcement by Mitre. It got put into production because why not. There's simpler schemes out there for MAC even on Linux. I'd have recommended OpenBSD clean-slate something like them.

I do like pledge, though. I promoted API reduction for a long time. Even deleting the code in the kernel for appliances, a la the Poly2 project. Only so much can be gained with it, though.