nicm | 10 years ago
- Requiring people to write rulesets or explicitly list syscalls they want is complicated, so barely anyone will use it. We want it to be easy.
- tame is for OpenBSD. OpenBSD has many daemons that are already split up into sandboxes, often with common APIs (e.g. imsg) that use a small set of syscalls. tame will fit into and extend that. Often with relatively few source code changes so far, because we don't have to write lists of syscalls or much special processing. And if major changes are required - it is one project, we can change kernel and userland together.
- There has been no suggestion that I have heard that tame be considered a portable API, or something we would like others to adopt.
- Why not a library? Well, that was considered, but why not the kernel? There are advantages to both approaches.
- There is some talk of changing the way paths are handled; we will see where that goes. It is still early.