joerg@britannica.bec.de wrote:

> Think of FreeBSD/DF jail. It is not esoteric at all.

Well I certainly hope NetBSD is not going to import jail.

What difference does it make, security-wise, if /dev/veriexec
exists or not?

Would it not be better to use some kind of capabilities to
assign "can view Veriexec settings" vs. simply having the
device or not..?

-e.

-- 
Elad Efrat