so netbsd's kernel security is based on a macos thing.
i read over it. it's not bad actually.
haven't compared it to linux lsm and probably won't be doing that, but it seemed like it was probably functionally the same in a different coat of paint.
there was even a programmable suite for it, but it used lua in the kernel, and they didn't approve it for mainlining in the end.
which is unfortunate because nbsd doesn't have jails or any kind of containering stuff and being able to lock down a chroot is close to that