Guys, while replying to Nathaniel's post it dawned on me that something like this: open("#c/cons", OWRITE|OCEXEC); completely breaks the paradigm of namespaces.
IOW, if I wanted to construct a namespace with a specially crafted server offering /dev/cons, the above would easily break out of that jail. In fact, is there *any* way at all to disallow attaches on kernel devices? The naive method doesn't seems to work: term% rfork m term% cat '#c/pid' 220 Thanks, Roman.