Hello:

On 24 Feb 2026 at 17:29, Didier Kryn wrote:

> > That said, why would anyone need Pledge or Landlock ...

>     Pledge and Landlock do not take control over your system.
One for the good guys then.

> File permissions exist to protect the user against other users, but
> also against herself/himself.
> Security features built inside the application itself by the
> programmer have a similar role ...
Yes, part of the learning process for us users.

>     The author of (eg) the mount command must give this
> application the root priviledge, but doesn't want it to do silly
> things to the system.
Of course.

> ... but it is good programming to enforce the protection of the
> program against its own bugs by some contract passed with the
> kernel.
Yes, good programming is an essential part of all this.

Provided you have *good* programmers doing *good* programming, things
roll along.

But we have also seen *good* (ie: capable) programmers doing absurd
crap, so it is not a given.
No need to elaborate on that, is there?.

> Be it with Pledge or Landlock, there is no visible effect on the
> user; the program does exactly what it is intended to do; you can
> just be assured than it could hardly do harm, even if there was a
> bug or an attack.
Seems an interesting and transparent approach.
ie: *good* programming.

> This is built into the program with the help of the kernel, but
> under program control and without any mysterious external
> mechanism.
Indeed ...
"... without any mysterious external mechanism." is *the* deal
breaker there.

It is all very nice but something tells me that selinux, apparmor and
all the rest of all that is not going away any time soon.

But it is encouraging to know that there are alternatives.

Thank you for taking the time to write this up.

Best,

A.