Elad Efrat <elad@NetBSD.org> writes:
> attached is a very simple patch that adds a "security.tpe" sysctl node
> to control a tpe (or, trusted path execution) feature.

Neat.

Wish list: it would be cool if someday this could be turned on/off on
a per process basis somehow. I'd love to have things like
chrooted/unprived daemons running with this on for themselves and
their children, even if other processes are "normal". NOTE: This
doesn't mean I don't favor committing this now.

Perry