Is it possible, in theory, to use pledge(2) to make something similar to
firejail?
https://packages.debian.org/sid/main/firejail
Firejail is a GNU/Linux program which executes Firefox as its descendant
with reduced privileges.
For example, I would like to restrict Firefox to not write to or read from
directories outside the /home/firefox directory. Let's assume that I run Firefox
as another user than my normal account. I would restrict, using traditional Unix
privileges, Firefox and all its descendants, logging as another user to regain
privileges, for example to /home/open. I imagine that would still leave a huge
attack vector to pwn the system and/or sniff passwords, but I think it is better
than nothing.