Looking at http://www.openbsd.org/papers/tame-fsec2015/
When I first heard of "tame", I thought there would be a problem with log files. I assume that is what the "Whitelist path feature" is being added to try to solve. I wonder if a new system primitive could solve the log file problem in a different way. If the primitive could remove a file under a running program giving the old contents a new name, and any other program that had the file open would just see it as if truncate was called on that file. Such a primitive would be used by the log rollers. If log rollers did use such a primitive they would never need to recreate or reopen a log file.