@falktx well then maybe rather sandbox the process as a whole. I'm getting somewhat curious to what the fallout would be of widely locking down say an Ardour (or maybe something simpler?) just before loading plugins.

No more arbitrary saving and loading files after that but it might make for a proof of concept.

From my understanding, the performance impact would be negligible, and only apply to those types of resource acquisition which landlock is actively filtering.