
pledge is not similar to jails in any way; jails are "chroot on steroids" (they isolate the network, PIDs, users, etc.).

pledge is more similar to Capsicum. It is simpler to implement in some programs, sure, but:

1) I don't like how pledge just kills the program. Rude. Capsicum refuses the offending operation.

2) Capsicum has an absolutely brilliant feature for directory access — you just open() a file descriptor to a directory, then you cap_enter()… and in the sandbox mode you can use openat() to open files below that directory! This is just so clever. Meanwhile pledge promised a simple directory whitelist option that is STILL NOT IMPLEMENTED :(

CloudABI is a portable ABI that can be described as POSIX plus Capsicum minus anything incompatible with Capsicum. So CloudABI programs start already in capability mode, expecting the necessary file descriptors to be already open (there's a launcher tool for that). You can just run CloudABI binaries unmodified on several operating systems and they are always sandboxed; they have no way to access anything you didn't pass to them. CloudABI is supported out of the box on FreeBSD, there are kernel patches for NetBSD and Linux, and there is a user-mode syscall translator for macOS. https://nuxi.nl/cloudabi/
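The directory-capability pattern from point 2 above, as an added example that is not part of the comment and not code from the Capsicum or CloudABI projects: open a directory descriptor before sandboxing, call cap_enter(), then reach files only through openat() relative to that descriptor. The code assumes /tmp is writable and that cap_enter() is only available on FreeBSD; on other systems the helper skips the sandbox step and reports that, so the openat() part still runs but the ECAPMODE check is not exercised. The open_below() helper's rejection of absolute paths and ".." is a defensive duplicate of what Capsicum enforces in the kernel (a lookup that would leave the directory is refused), kept so the intent is visible on every OS.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* cap_enter(), ECAPMODE */
#endif

/* Enter Capsicum capability mode where available.
 * Returns 1 if the process is now sandboxed, 0 if this OS has no Capsicum. */
static int enter_sandbox(void)
{
#ifdef __FreeBSD__
    return cap_enter() == 0;
#else
    return 0;   /* assumption: no Capsicum here, run the rest unsandboxed */
#endif
}

/* Open `rel` beneath `dirfd`. Refuses absolute paths and any ".." component
 * with EACCES so the caller cannot wander out of the directory even on a
 * kernel that does not enforce capability semantics. */
int open_below(int dirfd, const char *rel)
{
    if (rel[0] == '/') { errno = EACCES; return -1; }
    for (const char *p = rel; *p; ) {
        size_t n = strcspn(p, "/");             /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.') { errno = EACCES; return -1; }
        p += n;
        while (*p == '/') p++;                  /* skip separator(s) */
    }
    return openat(dirfd, rel, O_RDONLY);
}

/* Create a scratch directory with one file, grab a descriptor to it BEFORE
 * sandboxing, then exercise the pattern. Result bitmask:
 *   1 = relative openat() through the directory descriptor worked
 *   2 = cap_enter() succeeded (FreeBSD only)
 *   4 = absolute open() was refused with ECAPMODE (needs bit 2)
 *   8 = "../" escape attempt was refused by open_below()
 * -1 = setup failed. The result is cached: once in capability mode the
 * absolute-path setup could not be repeated anyway. */
int capsicum_demo(void)
{
    static int cached = 0, result = 0;
    if (cached) return result;
    cached = 1;

    char tmpl[] = "/tmp/capdemoXXXXXX";
    char *dir = mkdtemp(tmpl);
    if (!dir) return result = -1;

    char path[256];
    snprintf(path, sizeof path, "%s/note.txt", dir);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return result = -1;
    if (write(fd, "hello\n", 6) != 6) { close(fd); return result = -1; }
    close(fd);

    /* The capability we keep: a descriptor to the directory itself. */
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) return result = -1;

    if (enter_sandbox()) result |= 2;

    int rfd = open_below(dirfd, "note.txt");
    if (rfd >= 0) { result |= 1; close(rfd); }

    /* Global namespace access: refused under Capsicum, allowed elsewhere. */
    int afd = open(path, O_RDONLY);
#ifdef ECAPMODE
    if (afd < 0 && errno == ECAPMODE) result |= 4;
#endif
    if (afd >= 0) close(afd);

    int efd = open_below(dirfd, "../etc/passwd");
    if (efd < 0 && errno == EACCES) result |= 8;
    if (efd >= 0) close(efd);

    close(dirfd);
    return result;
}

int main(void)
{
    int r = capsicum_demo();
    printf("result bits: %d (sandboxed=%d, relative_ok=%d, abs_refused=%d, escape_refused=%d)\n",
           r, !!(r & 2), !!(r & 1), !!(r & 4), !!(r & 8));
    return r < 0;
}
```

On FreeBSD the printed line shows all four bits set; on Linux or macOS only bits 1 and 8, which is exactly the difference the comment is pointing at: without Capsicum, nothing stops the absolute open().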


