> Is there any opinion, policy or conclusion about newer & easier MAC > implementation like Tomoyo or SMACK?
$ man pledge That said, pledge is for trusted programs exposed to untrusted remote input, which differs from MAC frameworks meant to tame sketchy binaries.