2006-03-13 · in Ideas · 50 words

For frameworks like AppArmor that restrict which system calls a process may make, it would be useful to be able to give them a rule along the lines of "these restrictions are only in place after listen() has been called", so that initial setup could be done without the restrictions.