@prologic@twtxt.net It’s a way for a process to lock itself down.
One common pattern would be this: Early during startup, a process reads some configuration files. Once done, it can lock itself down and tell the kernel that it won’t need any further filesystem access at all (or only access to certain paths). If the process gets hacked later on, the attacker won’t be able to read files.
As I understand it, this is better than static restrictions like AppArmor and the like, because those apply to the entire lifespan of the process.
And it’s much easier to use than something like chroot. OpenBSD’s pledge and unveil are particularly easy to use, making it feasible to use them in almost any program (not just the ones that you might consider “security critical”): even something like cal (that thing that prints a calendar) uses pledge in OpenBSD: https://github.com/openbsd/src/blob/master/usr.bin/cal/cal.c#L153
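The "read config, then lock down" pattern described in this reply, as an added C example (not code from the reply's author or from OpenBSD's cal). The config text, the temp-file path under /tmp and the probe of /etc/passwd are constructed for this example. unveil() and pledge() exist only on OpenBSD, so on other systems the lockdown calls are compiled out and the program just runs unrestricted; the parsing and probe helpers are portable.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample configuration (not from the post). */
static const char SAMPLE_CONFIG[] = "listen_port = 8080\nlog_level = warn\n";

/* Parse "listen_port = N" out of config text; returns -1 if absent. */
int parse_listen_port(const char *text) {
    const char *p = strstr(text, "listen_port");
    if (p == NULL) return -1;
    p = strchr(p, '=');
    if (p == NULL) return -1;
    return (int)strtol(p + 1, NULL, 10);
}

/* Step 1: read the config file while file access is still unrestricted. */
int load_config(const char *path) {
    char buf[512];
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_listen_port(buf);
}

/* Step 2 (the "only certain paths" variant): make only config_dir visible,
 * read-only, then lock the list so no further unveil() calls are possible.
 * Outside OpenBSD this is compiled out and reports 0 (no lockdown applies). */
int restrict_filesystem(const char *config_dir) {
#ifdef __OpenBSD__
    if (unveil(config_dir, "r") == -1) return -1;
    if (unveil(NULL, NULL) == -1) return -1;
#else
    (void)config_dir;
#endif
    return 0;
}

/* Probe: returns errno from open(), or 0 if the open succeeded. After
 * restrict_filesystem() on OpenBSD, paths outside the unveiled set look
 * nonexistent, so /etc/passwd yields ENOENT rather than its contents. */
int probe_open(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd == -1) return errno;
    close(fd);
    return 0;
}

/* Step 3 (the "no further filesystem access at all" variant): keep only the
 * "stdio" promise. A later open() does not return an error; the kernel kills
 * the process with SIGABRT, so this must be the last lockdown step. */
int drop_filesystem_access(void) {
#ifdef __OpenBSD__
    return pledge("stdio", NULL);
#else
    return 0;
#endif
}

int main(void) {
    /* Write the constructed config to a temp file so the example runs stand-alone. */
    char path[] = "/tmp/pledge-example-XXXXXX";
    int fd = mkstemp(path);
    if (fd == -1) { perror("mkstemp"); return 1; }
    if (write(fd, SAMPLE_CONFIG, sizeof SAMPLE_CONFIG - 1) == -1) { perror("write"); return 1; }
    close(fd);

    int port = load_config(path);
    unlink(path);                       /* cleanup while still unrestricted */
    printf("listen_port = %d\n", port);

    if (restrict_filesystem("/tmp") == -1) { perror("unveil"); return 1; }
    printf("open(/etc/passwd) after unveil: errno %d\n", probe_open("/etc/passwd"));

    if (drop_filesystem_access() == -1) { perror("pledge"); return 1; }
    printf("locked down; only stdio remains\n");   /* stdio is still permitted */
    return 0;
}
```

On OpenBSD the second printf reports errno 2 (ENOENT) because /etc/passwd is outside the unveiled set; on Linux it reports 0, since no restriction was applied. The order matters: unveil violations surface as ordinary errno values, while pledge violations are fatal, which is why the pledge("stdio") step comes after every filesystem operation the program will ever need.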