Comment by the8472
4 years ago
But that's the issue. In the example I gave we already have a broker (the root process spawning ssh shells). But we want to restrict the broker too to make it more difficult to exploit. To do that we need to pledge without inheritance.
I wouldn't call sshd a broker, at least, it's not exclusively one.