@phnt @mia @lispi314 Yeah seccomp had to be written out of pure spite by a massive sadist.

But from trying it a bit, landlock seems pretty good and somewhat comparable to pledge/unveil and I think close enough even in design that the libraries implementing pledge/unveil via landlock calls makes sense.
Opinion might change over time though, and personally I more wish for OS-level security than program/process hardening, specially due to the nature of Unix where a lot of things are scripts and combinations of arbitrary programs.