Yeah, something like that would probably be quite good. That said, I think even if you do have a nice memory-safe implementation of libmagic/file, it's probably a good idea to still use seccomp/namespacing/etc. to jail it when using it in security critical contexts. Those features don't really incur much cost so it's a free extra layer of security, and you still get the robustness bonus of guaranteed memory safety.