On Mon, Jul 20, 2015 at 12:04:43PM -0400, Ted Unangst wrote:
> chroot is probably the best comparison. yes, we provide a chroot(1), but

There is no chroot(1). :p

> practically nothing uses it. everything is instead calling chroot(2) on its
> own. the things that do use chroot(1) are doing so for specialized namespace
> reasons, not for sandboxing.

I have a huge counter-example: dpb. Specifically, chroot(8) does the nice usercontext thingies that would be cumbersome to do from perl.