> Trying to get file to work under systrace(1).
>
> Is this a reasonable patch?

Semi-reasonable. I think if the ioctl fails, it should be entirely silent.

> file(1) still fails with systrace because of sendmsg(2), any
> help with correcting systrace.policy for this case would be
> appreciated.

Perhaps this situation can be tested earlier, using an ioctl, and then the privsep model can be skipped. Trusting in the non-fragility of the code, and that it is already operating with some containment.

Of course something I am working on will help later...