by throwaway82652 1528 days ago
Pledge is a bad example: it isn't applied to a lot of packages in the ports tree, and it's infeasible to do it for every program. In the end you'll find you end up with the same situation as Linux: another layer on top, with daemons implementing blanket security policies using pledge on behalf of the programs. Kind of like... a sandbox.

SELinux is also a bad example. Even if you decide you're using that as the underlying technology, you still need to implement a sandbox with various rules on top of it. SELinux does nothing without those rules.

1 comment

>SELinux is also a bad example

No, why? If you have the right (and correct) rules, SELinux absolutely acts as a "sandbox"; that's exactly what I meant: a sandbox doesn't need to be another layer of software. Run in your "namespace", where you can just create/access/execute/read your port, files, memory... that's it, that's a sandboxed application.

For example, that "namespace-sandbox" is standard in Plan9/9front... without any additional software, just the filesystem and 9p.

https://dwalsh.fedorapeople.org/SELinux/Presentations/sandbo...

Yeah, but I mean you still have to set up the sandbox rules and maintain them, and the tools, if you want a user-friendly sandbox or a nice GUI to manage it.

>For example that "namespace-sandbox" is standard in Plan9/9front...without any additional software, just the filesystem and 9p.

This is what I mean: Plan9-style mount namespaces are also available in Linux, and are preferable to SELinux for containers and sandboxes because they're actually simpler and less trouble.
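As an added illustration of the Linux mount-namespace approach the comment above refers to (example code written for this page, not from the thread or from any project it names): a child process enters a fresh user and mount namespace, mounts a private tmpfs over a scratch directory and creates a file there; the parent, still in the original namespace, checks that the same path shows nothing. The scratch path `/tmp/hn-ns-demo`, the `SANDBOX_*` return codes and the helper names are this example's own choices. Where the kernel or a container policy refuses to create the namespaces, the function reports that as unsupported instead of treating it as a logic error.

```c
/* Added example: a minimal Linux mount-namespace "sandbox" in the Plan 9
 * spirit described in the thread. Not code from the thread or any project. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { SANDBOX_OK = 0, SANDBOX_UNSUPPORTED = 1, SANDBOX_FAIL = 2 };

/* Write one line to a /proc/self file; used for the uid/gid maps. */
static int write_proc(const char *file, const char *text) {
    int fd = open(file, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Path of the file the child creates inside its private view. */
static void join_path(char *out, size_t len, const char *dir) {
    snprintf(out, len, "%s/private.txt", dir);
}

/* Runs in the child; its return value becomes the exit status. */
static int child_body(const char *scratch) {
    uid_t uid = geteuid();
    gid_t gid = getegid();
    char buf[64], path[512];

    /* A user namespace lets an unprivileged process own a mount namespace.
     * If the kernel or a container policy forbids it, report "unsupported". */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0) {
        fprintf(stderr, "unshare: %s\n", strerror(errno));
        return SANDBOX_UNSUPPORTED;
    }
    /* Map our real uid/gid to root inside the new user namespace so that
     * file creation on the new tmpfs has a valid owner. */
    snprintf(buf, sizeof buf, "0 %u 1", (unsigned)uid);
    if (write_proc("/proc/self/uid_map", buf) != 0) return SANDBOX_FAIL;
    if (write_proc("/proc/self/setgroups", "deny") != 0) return SANDBOX_FAIL;
    snprintf(buf, sizeof buf, "0 %u 1", (unsigned)gid);
    if (write_proc("/proc/self/gid_map", buf) != 0) return SANDBOX_FAIL;

    /* Keep mount events from propagating back to the parent's namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) return SANDBOX_FAIL;
    /* The child's private view: a tmpfs only this namespace can see. */
    if (mount("tmpfs", scratch, "tmpfs", 0, "size=1m,mode=0700") != 0) return SANDBOX_FAIL;

    join_path(path, sizeof path, scratch);
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return SANDBOX_FAIL;
    close(fd);
    return access(path, F_OK) == 0 ? SANDBOX_OK : SANDBOX_FAIL;
}

/* SANDBOX_OK: the child's file exists for the child and is invisible to the
 * parent. SANDBOX_UNSUPPORTED: namespaces cannot be created here.
 * SANDBOX_FAIL: something that should have worked did not. */
int run_namespace_demo(const char *scratch) {
    char path[512];
    if (mkdir(scratch, 0700) != 0 && errno != EEXIST) return SANDBOX_FAIL;

    pid_t pid = fork();
    if (pid < 0) return SANDBOX_FAIL;
    if (pid == 0) _exit(child_body(scratch));

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return SANDBOX_FAIL;
    int rc = WEXITSTATUS(status);
    if (rc != SANDBOX_OK) return rc;

    /* Same path, original namespace: the tmpfs was never mounted here. */
    join_path(path, sizeof path, scratch);
    return access(path, F_OK) != 0 ? SANDBOX_OK : SANDBOX_FAIL;
}

int main(void) {
    int rc = run_namespace_demo("/tmp/hn-ns-demo"); /* constructed scratch path */
    puts(rc == SANDBOX_OK ? "isolated: parent cannot see the child's file"
         : rc == SANDBOX_UNSUPPORTED ? "namespaces not permitted in this environment"
         : "unexpected failure");
    return rc == SANDBOX_FAIL;
}
```

The point of the parent-side `access()` check is the one the comment makes: the isolation comes from the process having its own view of the mount table, with no policy daemon or rule set in between. In a real sandbox the child would go on to drop capabilities and exec the confined program inside that view; this example stops at showing the private view itself.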

>and are preferable to SELinux for containers and sandboxes because they're actually simpler and less trouble

Hell YES...high five!! ;)