On Thu, Oct 13, 2022 at 02:49:19PM +0200, Stefano Brivio wrote:Just spotted a typo: On Tue, 11 Oct 2022 16:40:13 +1100 David Gibson <david(a)gibson.dropbear.id.au> wrote:Corrected. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson@@ -59,12 +101,31 @@ void drop_caps(void) } } +/** + * isolate_initial() - Early, config independent self isolation + * + * Should: + * - drop unneeded capabilities + * Musn't: + * - remove filessytem access (we need to access files during setup)filesystem