Note how the FreeBSD sandbox "cap_enter()" fits in a tweet compared to complexity of Linux, OpenBSD github.com/brynet/file/blob/โฆ
3
3
@dsilverstone @fanf it can be tweaked with cap_rights but default sane. But yes technically less flexible...
@dsilverstone @fanf but the flexibility vastly increases complexity. Eg the comments about not sandboxing ioctl in the OpenBSD code
1