Given how fast pledge was able to be put into production, I think it was the right move. I get SELinux can and has (2008) had tools for this, but it really doesn't seem to have caught on.
SELinux was a demonstrator of Type Enforcement by Mitre. It got put into production because why not. There's simpler schemes out there for MAC even on Linux. I'd have recommended OpenBSD clean-slate something like them.
I do like pledge, though. I promoted API reduction a long time. Even deleting the code in kernel for appliances a la Poly2 project. Only so much can be gained with it, though.
I do like pledge, though. I promoted API reduction a long time. Even deleting the code in kernel for appliances a la Poly2 project. Only so much can be gained with it, though.