I think security-wise, it's a much worse mechanism though.
SELinux has the better approach -- it's applied outside the application's control so it can't be subverted by some sort of environment manipulation. It's also modifiable, while pledge/unveil is hardcoded into the binary.
I really don't like the thought of hardcoding paths into the binary, it makes things extremely inflexible. Eg, say you have something that stores data. Under this model you can't run the program against an alternate data set because it'll refuse to work with anything but the official location.
I also think pledge/unveil has issues with process invocation. Either you can only restrict every process further than its parent, or an invoked process gets free reign. Neither is good.
SELinux has the better approach -- it's applied outside the application's control so it can't be subverted by some sort of environment manipulation. It's also modifiable, while pledge/unveil is hardcoded into the binary.
I really don't like the thought of hardcoding paths into the binary, it makes things extremely inflexible. Eg, say you have something that stores data. Under this model you can't run the program against an alternate data set because it'll refuse to work with anything but the official location.
I also think pledge/unveil has issues with process invocation. Either you can only restrict every process further than its parent, or an invoked process gets free reign. Neither is good.