Kevin Chadwick <m8il1i...@gmail.com> wrote: > I am considering replacing all chroot use with unveil in my processes even > where > no filesystem access is required.
I am discouraging this. unveil is a complicated mechanism, and we may still discover a bug in it. Almost all the chroot in the tree are to empty unwriteable directories, in which case chroot is very secure and a very simple mechanism.