:: Re: [DNG] Apparmor Excalibur issues
Author: sawbona
Date:  
To: Didier Kryn, Dng
Subject: Re: [DNG] Apparmor Excalibur issues
Hello:

On 24 Feb 2026 at 12:23, Didier Kryn wrote:

> ... too many mechanisms that pretend to control applications ...
> ... practically out of admin's control: SELinux, Apparmor, ...

Which is the *main* reason that their use should be avoided.
It is *my* bloody box, right?
So it is *my* administration, my rules.

> SELinux:
> ... read Selinux was being deprecated by Apparmor.
> ... no idea how it works.
> AFAIU, it works under the hood, out of the control of the user and
> even the admin ...

See above.

> Linux Capabilities:
> ... permissions granted to the program by "extended attributes"...
> ... extended attributes are invisible to the user: "ls" doesn't
> show them and there isn't even a command to show them ...

Again, see above.

> POSIX ACL:
> Linux implements it by the means of extended attributes, I don't
> know for which use other than claiming "POSIX compliance".

And yet again ...

> Apparmor:
> ... documentation of Apparmor talks of "capabilities"
> ... seems to have the same defects as SELinux: practically
> impossible to manage by the admin.

Yes, again ...

> Pledge: Pledge is the OpenBSD
> ... fine-grained configuration of permissions is set by the program
> itself instead of invisible executable file attributes.

This would seem to be a good start.

> Landlock:
> Landlock "restrictions" are set by the program itself, in the same
> fashion as Pledge, and are inherited by any child process or
> executed program.
> ... works by globally denying itself a large set of access rights and then
> introducing selected exceptions for selected objects.

At least the owner of the box *knows* what is going on and can work
on that as needed.

If I understood the half of it (pledge/landlock), it sounds good.

That said, why would anyone need Pledge or Landlock installed by
default in a desktop box? i.e. like it happens with Apparmor,
SELinux, etc.

Best,

A.
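As an added illustration of the Landlock mechanism Didier summarises above (the program denies itself a whole class of rights, then re-admits selected objects, and every child process inherits the policy), here is a small C program that is not from this thread or from the Landlock project. It assumes Linux 5.13 or newer on a box where /tmp and /etc exist, talks to the ABI v1 syscalls directly, and the function names landlock_sandbox_self and landlock_self_check are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Landlock ABI v1 layout and constants (as in linux/landlock.h), declared here so it builds with old headers */
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#define LANDLOCK_RULE_PATH_BENEATH   1
#define LANDLOCK_ACCESS_FS_READ_FILE (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR  (1ULL << 3)
#define LANDLOCK_V1_ALL_FS ((1ULL << 13) - 1)   /* all 13 ABI v1 filesystem rights */
enum { NR_LL_CREATE_RULESET = 444, NR_LL_ADD_RULE = 445, NR_LL_RESTRICT_SELF = 446 }; /* same on every arch */

/* Deny every ABI v1 filesystem right to this process and all its descendants, then re-allow
 * read-only access beneath allowed_dir. Returns 0 once sandboxed, 1 if this kernel has no
 * usable Landlock (the caller decides whether to go on unsandboxed), -1 on any other error. */
int landlock_sandbox_self(const char *allowed_dir) {
    struct landlock_ruleset_attr rs = { .handled_access_fs = LANDLOCK_V1_ALL_FS };
    int ruleset_fd = syscall(NR_LL_CREATE_RULESET, &rs, sizeof rs, 0);
    if (ruleset_fd < 0) return (errno == ENOSYS || errno == EOPNOTSUPP || errno == EPERM) ? 1 : -1;
    struct landlock_path_beneath_attr pb = {
        .allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR,
        .parent_fd = open(allowed_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC) };
    int rc = syscall(NR_LL_ADD_RULE, ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &pb, 0); /* EBADF if open failed */
    if (pb.parent_fd >= 0) close(pb.parent_fd);
    if (rc == 0) rc = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);  /* required before restrict_self */
    if (rc == 0) rc = syscall(NR_LL_RESTRICT_SELF, ruleset_fd, 0);
    close(ruleset_fd);
    return rc == 0 ? 0 : -1;
}

/* Apply the sandbox in a forked child so the caller stays unrestricted; the child proves the
 * policy by opening /tmp (allowed) and /etc (denied with EACCES). Returns 0 (verified), 1, -1 as above. */
int landlock_self_check(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int rc = landlock_sandbox_self("/tmp");
        if (rc != 0) _exit(rc == 1 ? 1 : 2);
        int denied = open("/etc", O_RDONLY | O_DIRECTORY) == -1 && errno == EACCES;
        int allowed = open("/tmp", O_RDONLY | O_DIRECTORY) >= 0;
        _exit(denied && allowed ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}
```

Because the restriction is applied by the process to itself and is inherited by everything it forks or execs, the admin can read the policy straight from the program's source rather than hunting for invisible file attributes or a system-wide profile.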