SELinux is not complex because we program in complex ways, but because we don't know the target program.
For example, (again, nothing against Apache but...) if I want to secure Apache, there's no way for me (as a sysadmin) to tell exactly which files, exactly which syscalls, and exactly which libs it needs to function, and there's no way for me to stay on top of it.
And the same applies to any other complicated software. How do I lock down X? Firefox?
Really, the beauty of a "pledge"-like system is that the programmer/PM of the code (which he should understand) should know how to lock it down.