OpenBSD is a highly secure operating system with a small but influential user base. Unlike Linux, which can be difficult for non-experts to understand, OpenBSD’s security features are more accessible. One of its notable features is the pledge() function, which simplifies security by allowing users to control program behavior. While previous attempts to implement pledge() on Linux have been unsuccessful, the author has developed a command-line utility called pledge.com that allows users to easily sandbox programs and restrict their access to certain resources. The utility is lightweight, easy to use, and can be applied to various scenarios, such as limiting file system access and imposing resource quotas on programs.
https://justine.lol/pledge/