try out tracing on *BSD and Solaris

trace static children of static children

cache results of filesystem checks

review erealpath vs realpath usage

wrappers for execl{,l,p} ... unfortunately, we'll probably have to basically
reimplement the functions (building up argv[] and then call the execv* ver)

erealpath() might deref symlinks when working with unreadable paths as non-root
even when working on funcs that do not deref funcs themselves ... this isnt a
real big issue though

threaded apps conflict with shared state:
 - sandbox_lib
 - sandbox_on
 - trace_pid
 - etc...

handle multiple processing writing to log simultaneously
 - could move log to a fifo that the main sandbox process would consume
 - not that big of a deal as log generally only gets written with failures

doesnt seem to work quite right:
	echo $(./vfork-0 ./mkdir_static-0 2>&1)

handle env var modification inside of traced apps

messaging still needs a little work.  consider:
 - user is running as root
 - user does `emerge foo`
 - emerge's stderr is connected to root's tty
 - FEATURES=userpriv is enabled so portage drops root
 - sandbox starts up and sets message path to its stderr
 - that path is owned by root only
 - attempts to open it by path fail with permission denied
really only way around this would be to have sandbox set up
a named pipe in $T and set the message path to that.  then
it would poll that for data and take care of writing it to
its open stderr.