On Wed, Jul 24, 2019 at 09:46:09PM +0200, Klemens Nanni wrote:
> Pledge is not possible due to the ioctls, but as it hoists both the
> control socket and apm device early at startup and only ever possibly
> executes scripts under /etc/apm/, hiding the rest of the filesystem
> becomes easy.
>
>
Klemens Nanni wrote:
> Pledge is not possible due to the ioctls, but as it hoists both the
> control socket and apm device early at startup and only ever possibly
> executes scripts under /etc/apm/, hiding the rest of the filesystem
> becomes easy.
>
> Technically, only "x" is required to
Pledge is not possible due to the ioctls, but as it hoists both the
control socket and apm device early at startup and only ever possibly
executes scripts under /etc/apm/, hiding the rest of the filesystem
becomes easy.
Technically, only "x" is required to traverse the directory and run
scripts,
