[$] OpenBSD's unveil()

One of the key aspects of hardening the user-space side of an operatingsystem is to provide mechanisms for restricting which parts of thefilesystem hierarchy a given process can access. Linux has a number ofmechanisms of varying capability and complexity for this purpose, but otherkernels have taken a different approach. Over the last few months, OpenBSDhas inaugurated a new system call named unveil() for thistype of hardening that differs significantly from the mechanisms found inLinux.