Example: cat.c main(int argc, char *argv[]) { int ch; setlocal(LC_ALL, ""); + if (tame("stdio rpath", NULL) == -1) + err(1, "tame"); ... - Restricted to opening existing files, read-only - Can do things "like stdio" - Cannot open sockets, pass file descriptors, etc - Many behaviors curtailed