der Mouse wrote:

> It means it can be granted or hidden per-chroot.  It means it can have
> its permissions twiddled (no chmod/chown-alikes for sysctl).  (The
> latter is admittedly fairly pointless for veriexec with its explicit
> suser, but I think the point is valid more generally.)

Keeping this about Veriexec, is there any real world application to
having the Veriexec device file hidden inside a chroot? like I said,
this is an esoteric case.

-e.

-- 
Elad Efrat