Eero Saynatkari wrote:

> In general, this may be unnecessary work. If you run Ruby in a chrooted
> environment with minimal tools and as an unprivileged user with all
> proper permissions set, it is fairly safe. The failpoints, then,
> would be any other applications in that chrooted environment,
> accessed through system() and so on.

Well, I'm trying to boil it down: require 'sandbox'.  No other setup.

But maybe it'd be nice to have a mode for chroot to give the freedom to
access the filesystem given that the admin's got a safe uid and chroot.
Thanks for the comment.

_why