> about the possibilities ... maybe disallowing > an open for block devices could be sufficient Why? What if you want to access block devices? This should be left as it is, or maybe CAP_BLOCK_ACCESS.
-- Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 Namagumi namagomi namagoroshi _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver