:: Re: [DNG] Secure computing [Was: Re…
Author: Kevin Chadwick
Date:  
To: dng
Subject: Re: [DNG] Secure computing [Was: Re: Apparmor Excalibur issues]


-------- Original Message --------

>     With Seccomp, a program can restrict which system-calls it is allowed to
> call. The functionality is apparently the same as OpenBSD's Pledge, but with a
> much more complicated API. The complexity of this API is normal because it is
> the interface to the system-call proper and there is still no wrapper to this
> system-call in the C runtime library. Since Pledge isn't available on Linux, it
> might make sense to develop a userspace wrapper to Seccomp with the API of Pledge


Not sure if you've seen this but I guess getting it into glibc would be an
uphill battle. Maybe I'm wrong but I feel like GNU has NIH possibly due to
license insanity but maybe some other reason (please correct me if you think I'm
wrong on this as it's based on articles/hearsay and no direct familiarity).
Certainly GNU's evaluation of the 0BSD license is lunacy or maybe social
engineering in my opinion though.

"https://itsfoss.com/pledge-linux-port/"

I've also seen a pledge to seccomp command line tool for Linux but that brings
all the problems of apparmor/SELinux IMO. The idea was brought up for OpenBSD
during pledge's design and refused by their project leader/designer.

Regards,
    Kc
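
The userspace wrapper proposed in the quoted message, as an added example that is not part of the thread and is not the port linked above: a pledge-style promise string is compiled into a seccomp allow-list and installed through the raw system call. The `pl_*` names, the two-promise table and the x86-64 `AUDIT_ARCH` value are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define PL_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64; other ABIs need their AUDIT_ARCH_* */
#define STMT(c, k) ((struct sock_filter)BPF_STMT(c, k))
#define JEQ(k, jt, jf) ((struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, k, jt, jf))
/* Constructed promise table, far smaller than what pledge(2) really grants. */
static const struct { const char *name; int nr[6]; } pl_tab[] = {
    { "stdio", { SYS_read, SYS_write, SYS_close, SYS_brk, SYS_exit_group, -1 } },
    { "rpath", { SYS_openat, SYS_lseek, -1 } },
    { NULL, { -1 } },
};

/* Compile a space-separated promise string into an allow-list filter.
   Returns the instruction count, or -1 with errno set. */
int pl_build(const char *promises, struct sock_filter *f, int max) {
    int n = 0, i, k;
    if (max < 5) { errno = E2BIG; return -1; }
    f[n++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    f[n++] = JEQ(PL_ARCH, 1, 0);                 /* expected ABI: skip the kill */
    f[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    f[n++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (const char *p = promises; *(p += strspn(p, " ")); p += strcspn(p, " ")) {
        size_t len = strcspn(p, " ");
        for (i = 0; pl_tab[i].name; i++)
            if (strlen(pl_tab[i].name) == len && !strncmp(pl_tab[i].name, p, len)) break;
        if (!pl_tab[i].name) { errno = EINVAL; return -1; }   /* unknown promise */
        for (k = 0; pl_tab[i].nr[k] >= 0; k++) {
            if (n + 3 > max) { errno = E2BIG; return -1; }
            f[n++] = JEQ(pl_tab[i].nr[k], 0, 1);  /* no match: hop over the ALLOW */
            f[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
        }
    }
    f[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);  /* default deny */
    return n;
}
int pl_pledge(const char *promises) {  /* pledge()-shaped entry point (hypothetical) */
    struct sock_filter f[64];
    int n = pl_build(promises, f, 64);
    struct sock_fprog prog = { .len = (unsigned short)(n > 0 ? n : 0), .filter = f };
    if (n < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return (int)syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, 0, &prog); /* raw syscall, no libc wrapper */
}
```

A program would call `pl_pledge("stdio")` once its start-up work is done. With this constructed table most real programs would be killed at once, since calls such as `mmap` and `rt_sigreturn` are not listed.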