
OpenBSD's pledge is so simple and nice to use. I really wish Linux would incorporate it. Seccomp is a nightmare to implement.


I'd rather have a simple coarse-grained mechanism than whatever fever dream that seccomp, selinux and apparmor are. A convoluted mess incorporating almost Turing-complete languages that are just asking to shoot yourself in the foot a mile deep.

The simplicity of pledge is good enough for 99% of use-cases I'd wager AND easy to add to existing code.


There is a port...

    https://github.com/jart/pledge

    https://justine.lol/pledge/


That uses seccomp under the hood and requires a custom libc, I think?

Definitely a nice project, but I don't know if I'd use it in production.



