Y
Hacker News
new
|
ask
|
show
|
jobs
by
zanchey
200 days ago
LWN's article on unveil() is a good explanation - the restrictions are permanently applied to the process and its children until termination:
https://lwn.net/Articles/767137/