-------- Original Message --------
> I have absolutely no authority to judge, but I don't like very much the way
> Seccomp is implemented. it would be OK for something experimental because no
> dedicated syscall is needed, but it is still like this after years. Capabilities
> and Landlock instead seem to be properly integrated into the kernel.
On OpenBSD it's just a kernel supported pledge and unveil syscall. I don't know
anything about seccomp. I guess the ideal of a POSIX API that programmers might
be happy to use for upstream packages benefitting both OpenBSD and Linux may not
happen like it is in OpenBSD's base :( . I'm not sure whether the Firefox pledges
are upstreamed but I think they may be.
Funny how in this review he calls pledge a sandbox when Theo de Raadt is adamant
that pledge isn't a sandbox and that sandboxing is largely a false sense of
security for many applications. Another point is that Roy Marples concludes here
that it is no substitute for good design but of course pledge encourages that.
"https://roy.marples.name/blog/posts/capsicum_vs_pledge_final_thoughts"