> > '#p' allows any of my namespaces to debug processes in any other,
> > '#s' is too global, and /net seems to allow any of my processes to
> > manipulate any of my other processes' network connections (though
> > I've not tested in detail to see what's possible.)
>
> So you're saying that (a) a jailed process should not have access to
> the #-devices at all and (b) their equivalent /proc, /srv and /net
> ought to be configured as part of the jail and should not be
> modifiable.

there is no special exception for #s, #I or #l. these cases are
handled already.

> Plan 9 source often short-circuits the possibility that #-something is
> not bound to the conventional place

s/often/always/

there is no exception. one could not bind something onto #X.

- erik