Domesticating applications, OpenBSD style

writing to /dev/log with chroot is actually better because the syslog daemon can create a /dev/log in each sandbox and tell which one was written to (as well as gathering metadata across the unix socket, something that I assume is lost when you are just writing to a magic fd)