by ori_b 1204 days ago
Did you realize your link points to a more fragile version of pledge?

Linux has added a direct pledge+unveil clone to improve the situation: https://raw.githubusercontent.com/torvalds/linux/master/Docu...


Stop spreading misinformation. Hell stop replying to me. You're basically a cultist at this point with your irrational emotional devotion.

That's not a 'weaker version of pledge', it's part of a much larger framework with much greater enforcement capabilities.

I've used it. I know what it does. For a while, I've even run a Linux with a slightly patched version of it for some quirky needs of my own.

seccomp-bpf is a more fragile version of pledge; you need to keep changing your sandbox whenever you upgrade glibc, because there's no mechanism to keep syscall usage in sync between the kernel and userspace.

It was fine for my case, because I was implementing my own direct system calls, and froze any external dependencies, but it's typically very fragile across system and dependency upgrades.
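The glibc-coupling point above, as an added example (not code from either commenter): a seccomp-bpf allowlist written against a libc whose open() used open(2). It hard-codes syscall numbers, so a libc that later implements open() on top of openat(2) trips the filter without any change to the sandboxed program. The allowlist contents, the `verdict_for` helper and the small classic-BPF interpreter used to inspect the program's decisions without installing it are this example's own; the filter layout (arch check, load `nr`, compare per entry, kill on no match) is the standard seccomp-bpf shape. The architecture constants assume x86-64 or AArch64.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL /* older headers */
#endif

#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Constructed allowlist of the kind a sandbox author might have written
 * against an older libc: it names open(2) but not openat(2). */
static const int allowed_syscalls[] = {
    SYS_read, SYS_write, SYS_close, SYS_exit_group,
#ifdef SYS_open /* some architectures (e.g. AArch64) never had open(2) */
    SYS_open,
#endif
};
#define N_ALLOWED (sizeof allowed_syscalls / sizeof allowed_syscalls[0])
#define MAX_INSNS (4 + 2 * N_ALLOWED + 1)

/* Emit the classic-BPF program: verify the architecture (syscall numbers
 * differ per arch), load the syscall number, compare it against every
 * allowed number, and kill the process on no match. Returns the count. */
static size_t build_filter(struct sock_filter *out)
{
    size_t n = 0;
    out[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0);
    out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N_ALLOWED; i++) {
        out[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)allowed_syscalls[i], 0, 1);
        out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    return n;
}

/* Interpreter for the three cBPF instruction forms used above, so the
 * program's decisions can be inspected without installing it. Any other
 * opcode fails closed. */
static uint32_t run_filter(const struct sock_filter *prog, size_t n, const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n;) {
        const struct sock_filter *ins = &prog[pc];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS: /* acc = 32-bit word at offset k of seccomp_data */
            memcpy(&acc, (const char *)sd + ins->k, sizeof acc);
            pc++;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K: /* pc += 1 + (acc == k ? jt : jf) */
            pc += 1 + (acc == ins->k ? ins->jt : ins->jf);
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* What the filter would decide for syscall number nr on this architecture. */
uint32_t verdict_for(int nr)
{
    struct sock_filter prog[MAX_INSNS];
    size_t n = build_filter(prog);
    struct seccomp_data sd;
    memset(&sd, 0, sizeof sd);
    sd.nr = nr;
    sd.arch = THIS_ARCH;
    return run_filter(prog, n, &sd);
}

int main(void)
{
    struct sock_filter prog[MAX_INSNS];
    struct sock_fprog fprog = { .len = (unsigned short)build_filter(prog), .filter = prog };

    /* Required so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0) return 1;

    /* With a libc that implements open() via openat(2), this call is the
     * syscall the allowlist never mentioned: the process dies with SIGSYS. */
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0) close(fd);
    static const char msg[] = "open() survived the filter\n";
    write(1, msg, sizeof msg - 1);
    return 0;
}
```

Running the binary under `strace -f` on a current glibc shows the `openat` that the allowlist never listed, followed by the SIGSYS; the fix is not to guess numbers but to derive the allowlist from what the actual libc build issues (or to use a libc-aware layer), which is exactly the synchronisation the comment says seccomp-bpf itself does not provide.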