[PrimeMcFly]

SELinux/RSBAC/AppArmor/grsecurity and similar.

[saagarjha]

These largely require buy-in from applications just like pledge.

[PrimeMcFly]

They absolutely don't, that's the key difference.

What makes you think otherwise?

[saagarjha]

You can’t just stick sandboxing around arbitrary apps without them breaking.

[PrimeMcFly]

The technologies I listed are not sandboxing, as that term refers to a different category of technology.

And you're right, kind of; you need to set the permissions for apps, but that doesn't mean they need cooperation from the software developers. The whole point is that they don't. With those technologies you can lock down complex closed source programs, something not possible with pledge.

[saagarjha]

Those seem to be of the category of “I have a program and I want to restrict what it does” which seems like a sandbox to me. The problem here is that trying to figure out what goes on this list is difficult for arbitrary programs, even when you’re the one writing it. When you’re just applying it to third party software it’s very likely something will not function correctly.

[PrimeMcFly]

It's not a sandbox though, because it's a different type of technology. You can say it's a type of sandbox in concept, and you could make an argument, but referring to it as a sandbox in a technical discussion simply isn't correct.

> The problem here is that trying to figure out what goes on this list is difficult for arbitrary programs, even when you’re the one writing it. When you’re just applying it to third party software it’s very likely something will not function correctly.

That's why there are things like, for example, SELinux permissive mode, where you run the software as needed and observe the permissions it needs, and then grant it those permissions while denying everything else.