From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: Date: Sun, 4 Jan 2009 09:04:00 -0800 From: "Russ Cox" To: lucio@proxima.alt.za, "Fans of the OS Plan 9 from Bell Labs" <9fans@9fans.net> Subject: Re: [9fans] RFNOMNT In-Reply-To: <191db05806ff4757bc93d5bc04cfeef9@proxima.alt.za> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <191db05806ff4757bc93d5bc04cfeef9@proxima.alt.za> Topicbox-Message-UUID: 7862d356-ead4-11e9-9d60-3106f5b1d025 I agree that it would be nice if the exceptions were documented in the man page. They are quite nicely documented in the code, though: /* * noattach is sandboxing. * * the OK exceptions are: * | it only gives access to pipes you create * d this process's file descriptors * e this process's environment * the iffy exceptions are: * c time and pid, but also cons and consctl * p control of your own processes (and unfortunately * any others left unprotected) */ n = chartorune(&r, up->genbuf+1)+1; /* actually / is caught by parsing earlier */ if(utfrune("M", r)) error(Enoattach); if(up->pgrp->noattach && utfrune("|decp", r)==nil) error(Enoattach); Russ