blog - git - desktop - images - contact 2025-07-13 Disclaimer: This is to the best of my knowledge. It's a complicated topic, there are tons of options, and this only covers a tiny fraction of this topic anyway. If you spot mistakes, please tell me. Suppose you have a server daemon that you want to confine to a single directory. During the startup phase of the program, it also needs to read some files outside of that directory -- you can apply the confinement only when that phase is done. Suppos...