Comment by bee_rider
14 hours ago
That seems pretty interesting. I guess it relies on BSD plumbing though?
Funny enough, the my first foray into these sort of operating systems was BSD, but it was right when I was getting started. So I don’t really know which of my troubles were caused by BSD being tricky (few probably), and which were caused by my incompetence at the time (most, probably). One of these days I’ll try it again…
Yup, "pledge" is one of my BSD envies. Namespaces and unshare are significantly more complex and we're still told not to use them as a security barrier (which is explicitly in scope for pledge).