On Thu, 2006-12-14 at 14:56 -0700, Eric W. Biederman wrote:
> Because that model fundamentally keeps every process in its own
> container and never allows it to leave, nor does it allow things
> from one container to cross into another container in an uncontrolled
> fashion this feels to me like a very safe model.

This is like saying that brain surgery is safe and controlled because the surgeon never actually goes into the patient's brain! :)

I think of ptrace as a pretty wide-open interface. While ptrace itself has well-defined semantics, I could hardly consider using it in production, nor would I want to be the one to write the userspace apps to do the syscall futzing for each of Linux's architectures.

-- Dave