Theo de Raadt deraadt at cvs.openbsd.org writes:
[replying via gmane, which apparently doesn't like text from the original
email to be quoted so I had to severely strip out text from the original
message, and also doesn't allow this bracketed message to be placed at the
top of my message]
I have been working for a while on a subsystem to restrict programs
into a reduced feature operating model.
Other people have made such systems in the past, but I have never been
happy with them. I don't think I am alone.
Generally there are two models of operation. The first model requires
a
