I agree that it would be nice if the exceptions were
documented in the man page. They are quite nicely
documented in the code, though:
/*
* noattach is sandboxing.
*
* the OK exceptions are:
* | it only gives access to pipes you create
* d this process's file descriptors
* e this process's environment
* the iffy exceptions are:
* c time and pid, but also cons and consctl
* p control of your own processes (and unfortunately
* any others left unprotected)
*/
n = chartorune(&r, up->genbuf+1)+1;
/* actually / is caught by parsing earlier */
if(utfrune("M", r))
error(Enoattach);
if(up->pgrp->noattach && utfrune("|decp", r)==nil)
error(Enoattach);
Russ
