>>>>> "Michael" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
    Michael> But, let's do this via "restrict_system()" of some sort, which
    Michael> fixes all sorts of chroot/security related stuff that we need.

  having read jail(2) from FreeBSD, I think that we do something similar.

  Or just wait for cap_*() to be finished and import that.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [