> But the child process can always mount #x for various x, and get out of jail.
not always. from fork(2)
     RFNOMNT   If set, subsequent mounts into the new name space
               and dereferencing of pathnames starting with # are
               disallowed.
- erik
