Hacker News
by QuantumG 795 days ago
Which newer techniques?

Honest question.


Not parent, but jails and capabilities that are user-controlled and not hardcoded into the binary would be nice to see.
They tried this. The predecessor for pledge / unveil was systrace, which included a user-controlled policy file.

One significant reason that pledge was implemented was because it is possible to disable or misconfigure user-controlled policies. Theo mentions this in his presentation that unveiled pledge, and he's basically referring to things like seccomp and systrace:

https://www.openbsd.org/papers/hackfest2015-pledge/mgp00005....

More explicitly mentioning SELinux / seccomp:

https://www.openbsd.org/papers/hackfest2015-pledge/mgp00008....

https://www.openbsd.org/papers/hackfest2015-pledge/mgp00011....

More explicitly mentioning systrace:

https://www.openbsd.org/papers/hackfest2015-pledge/mgp00009....

Certainly, it's possible to debate the relative merits of this approach, but this is why OpenBSD has moved away from user-controlled policies.
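
As an added illustration of what "hardcoded into the binary" means in practice (example code written for this page, not from the thread above and not OpenBSD's own code): the sandbox policy below is a sequence of unveil(2) and pledge(2) calls in the program source, applied in stages, so there is no external policy file for a user to remove or misconfigure. The helpers `promises_subset` and `sandbox_stage` are assumptions introduced here; `/etc/example.conf` is a placeholder path. The program compiles on any POSIX system, but the kernel only enforces the calls on OpenBSD; elsewhere `sandbox_enforced()` reports that enforcement is absent.

```c
/* Staged pledge/unveil sandbox: the policy is part of the program text.
 * Builds anywhere; pledge/unveil are compiled in only on OpenBSD. */
#define _POSIX_C_SOURCE 200809L   /* strtok_r */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>               /* pledge(2)/unveil(2) prototypes on OpenBSD */

/* Is `word` one of the space-separated promises in `set`? */
static int has_word(const char *set, const char *word)
{
    char cur[256], *save = NULL;
    if (strlen(set) >= sizeof cur)
        return 0;
    strcpy(cur, set);            /* strtok_r modifies its argument */
    for (char *c = strtok_r(cur, " ", &save); c; c = strtok_r(NULL, " ", &save))
        if (strcmp(c, word) == 0)
            return 1;
    return 0;
}

/* Does every promise in `next` also appear in `current`?
 * pledge(2) only lets a process shrink its promise set; asking for a
 * promise it no longer holds fails with EPERM, so check before calling. */
int promises_subset(const char *next, const char *current)
{
    char buf[256], *save = NULL;
    if (strlen(next) >= sizeof buf)
        return 0;
    strcpy(buf, next);
    for (char *w = strtok_r(buf, " ", &save); w; w = strtok_r(NULL, " ", &save))
        if (!has_word(current, w))
            return 0;
    return 1;
}

/* Promise set currently in force; NULL until the first stage is applied. */
static const char *current_promises = NULL;

/* 1 when the kernel enforces the pledges, 0 on platforms without pledge(2). */
int sandbox_enforced(void)
{
#ifdef __OpenBSD__
    return 1;
#else
    return 0;
#endif
}

/* Apply one stage: narrow the promise set, never widen it.
 * Returns 0 on success, -1 with errno set on refusal. */
int sandbox_stage(const char *promises)
{
    if (current_promises != NULL && !promises_subset(promises, current_promises)) {
        errno = EPERM;           /* mirrors what the kernel would answer */
        return -1;
    }
#ifdef __OpenBSD__
    if (pledge(promises, NULL) == -1)
        return -1;
#endif
    current_promises = promises; /* tracked even where it cannot be enforced */
    return 0;
}

int main(void)
{
#ifdef __OpenBSD__
    /* Stage 0: only the config file is visible, read-only; then lock unveil. */
    if (unveil("/etc/example.conf", "r") == -1 || unveil(NULL, NULL) == -1) {
        perror("unveil");
        return 1;
    }
#endif
    /* Stage 1: read the config, nothing else. */
    if (sandbox_stage("stdio rpath") == -1) { perror("pledge"); return 1; }
    FILE *f = fopen("/etc/example.conf", "r");   /* placeholder path */
    if (f) { /* parse configuration here */ fclose(f); }

    /* Stage 2: config read; the filesystem is no longer needed. */
    if (sandbox_stage("stdio") == -1) { perror("pledge"); return 1; }

    /* Widening is refused no matter what any user-editable file says. */
    if (sandbox_stage("stdio wpath") == -1)
        printf("widening refused: %s\n", strerror(errno));
    printf("kernel enforcement: %s\n", sandbox_enforced() ? "yes" : "no (not OpenBSD)");
    return 0;
}
```

The ordering matters: unveil(2) is locked before the first pledge, so the later stages do not need the `unveil` promise, and each stage can only drop promises. Where a program must keep some flexibility (a configurable data directory, say), the configurable part is the path handed to unveil, while the set of system calls the program may ever use stays fixed in the source.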

Do you think they understand the benefits? I think you'd have a lot better chance at enacting change than my emotional rambling has, and if not, lesson learned.