try out tracing on *BSD and Solaris

trace static children of static children

cache results of filesystem checks

review erealpath vs realpath usage

wrappers for execl{,l,p} ... unfortunately, we'll probably have to basically
reimplement the functions (building up argv[] and then calling the execv* version)

erealpath() might deref symlinks when working with unreadable paths as non-root
even when working on funcs that do not deref symlinks themselves ... this isn't
a really big issue though

threaded apps conflict with shared state:
 - sandbox_lib
 - sandbox_on
 - trace_pid
 - etc...

handle multiple processes writing to the log simultaneously
 - could move the log to a fifo that the main sandbox process would consume
 - not that big of a deal as the log generally only gets written on failures

doesn't seem to work quite right:
	echo $(./vfork-0 ./mkdir_static-0 2>&1)
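
For the execl wrapper item above, an added sketch (not code from this project) of building argv[] from the variadic list and then calling execv(). The names argv_from_va, build_argv and wrapped_execl are hypothetical, and the point where a path check would run is marked only by a comment.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <unistd.h>

/* Copy a NULL-terminated variadic list into a heap-allocated argv[]. */
static char **argv_from_va(const char *arg0, va_list ap)
{
	va_list count;
	size_t n = 0, i;
	const char *a;
	va_copy(count, ap);	/* pass 1, on a copy: count up to the sentinel */
	for (a = arg0; a != NULL; a = va_arg(count, char *))
		n++;
	va_end(count);
	char **argv = malloc((n + 1) * sizeof(*argv));
	if (argv == NULL)
		return NULL;
	for (i = 0, a = arg0; i < n; i++, a = va_arg(ap, char *))
		argv[i] = (char *)a;	/* pass 2: fill the vector */
	argv[n] = NULL;
	return argv;
}

/* Variadic front end so the vector can be inspected without exec'ing. */
char **build_argv(const char *arg0, ...)
{
	va_list ap;
	va_start(ap, arg0);
	char **argv = argv_from_va(arg0, ap);
	va_end(ap);
	return argv;
}

/* execl() stand-in (hypothetical name): build argv[], then call execv(). */
int wrapped_execl(const char *path, const char *arg0, ...)
{
	va_list ap;
	va_start(ap, arg0);
	char **argv = argv_from_va(arg0, ap);
	va_end(ap);
	if (argv == NULL)
		return -1;	/* malloc() already set errno */
	/* A sandbox wrapper would run its path checks on `path` here. */
	execv(path, argv);
	int saved = errno;	/* reached only if execv() failed */
	free(argv);
	errno = saved;
	return -1;
}
```

The vector is heap-allocated because the argument count is not known until the list has been walked, so the failure path has to free it and restore errno before returning.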