> your only option is to open the fd for mounting the secret
> factotum, then call becomenone(), then mount the fd, which
> is still open but otherwise inaccessible to you.

That is sort of what I meant. So I'd need a command line flag which would open a service file descriptor (e.g., /srv/factotum but maybe something else) and then mount it in the address space afterward. I wonder how much of it I could do with a shell script and a custom namespace file, i.e., open the service descriptor as /fd/NN and then in the namespace file mount /fd/NN as /mnt/factotum?

> the web server isn't signing pages, just that the connection
> is to the right machine.

One of the things I like about Plan 9 is that in theory sealed name spaces should enable genuine "least privilege" protection domains in a way that Unix can't do, and I'd kind of like to push that envelope a bit.

Dave Eckhardt
