Re: Pretty bad idea
Well, for a start - you appear (Unless I'm missing something) to be talking about changing directories and pledge() is about disallowing parts of the API. If openvpn is designed to read files from a directory, changing the directory that it's reading from will not be affected by pledge(). If you then go to read it in from some exotic device that requires extra API calls - then that is going to require a rewrite to your code to require extra API calls. (Which does mean that the person writing the code is going to have to know which parts of third party libraries may or may not be called. This may be interesting if, for example, you upgrade a dynamic library for reading device information and it suddenly sprouts support for talking to some exotic device that requires extra API calls...)
pledge(), for example, would allow you to start a webserver up, bind to a socket and then get rid of socket(), setsockopt(), bind() and listen(), never to be used again. If it's a daemon and you want to fork() once at initialisation and then never more - fine, cut it off. If you decide you *do* want to use it later on, it's likely going to require recoding the application.
Using both may be useful, though.
The training is a tricky one. It'd be possibly - but you would have to make sure you fully exercised the code.
Finally, I'd guess that the upfront model failed on Android because a) a (very) large number of people have an Android device, b) applications are relatively easy to develop and deploy, c) the original vendor of the code is interested in selling convenience, rather than security (To a point) On the other hand, at least the last point is false for OpenBSD. (Yes, you have to weigh your options and decide if it's a wise thing to do - but then you'd have to anyway)