Err... ObOnTopic: Building a system like I describe is much easier given the existence of CAP_SYS_CHROOT. (Though another option would be to eliminate the root dir entirely by chrooting everything to a designated unreadable/unwriteable/empty directory, and just using openat() etc. all the time. ...Too bad there's no execat().)
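The empty-root arrangement mentioned in the comment above, as an added example that is not part of the original post: a child process keeps one directory descriptor, chroots to an empty directory, and then reaches its file only through openat(). The function names, the file name `note.txt` and the temporary directories are constructed for the illustration; chroot() needs CAP_SYS_CHROOT, so the code reports when it is unavailable.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child: hold a directory fd, chroot to an empty dir, use only openat().
 * Returns 0 = confinement worked, 2 = chroot unavailable (e.g. no
 * CAP_SYS_CHROOT), 1 = unexpected result. */
static int confined_child(const char *data_dir, const char *empty_dir)
{
    int dfd = open(data_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return 1;
    if (chroot(empty_dir) != 0) return 2;
    if (chdir("/") != 0) return 1;            /* drop the old cwd reference */

    char path[512];
    snprintf(path, sizeof path, "%s/note.txt", data_dir);
    if (open(path, O_RDONLY) >= 0) return 1;  /* absolute paths must be dead */

    /* The descriptor is now the only handle on the data directory. */
    int fd = openat(dfd, "note.txt", O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return 1;
    char buf[16] = {0};
    ssize_t n = read(fd, buf, sizeof buf - 1);
    return (n == 5 && strcmp(buf, "hello") == 0) ? 0 : 1;
}

/* Builds constructed sample directories under /tmp and runs the child. */
int run_demo(void)
{
    char data[] = "/tmp/dfd-data-XXXXXX", empty[] = "/tmp/dfd-empty-XXXXXX";
    if (!mkdtemp(data) || !mkdtemp(empty)) return 1;
    int dfd = open(data, O_RDONLY | O_DIRECTORY);
    int fd = openat(dfd, "note.txt", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (dfd < 0 || fd < 0 || write(fd, "hello", 5) != 5) return 1;
    close(fd);

    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) _exit(confined_child(data, empty));
    int status = 0;
    waitpid(pid, &status, 0);
    unlinkat(dfd, "note.txt", 0);             /* clean up the sample data */
    close(dfd);
    rmdir(data); rmdir(empty);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}

int main(void) { int r = run_demo(); printf("result=%d\n", r); return r; }
```

A descriptor that refers to a directory outside the new root still resolves `..` upward, so which descriptors a process holds defines what it can reach; on Linux 5.6 and later, openat2() with RESOLVE_BENEATH confines resolution to the subtree under the descriptor.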
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds