Comment by zamalek
Yup, "pledge" is one of my BSD envies. Namespaces and unshare are significantly more complex and we're still told not to use them as a security barrier (which is explicitly in scope for pledge).
Yup, "pledge" is one of my BSD envies. Namespaces and unshare are significantly more complex and we're still told not to use them as a security barrier (which is explicitly in scope for pledge).