My guess would be that `test` does a stat() and checks st_mode against provided flags, so it's like only reading the metadata. The actual blocking/sandboxing happens on calls that have side effects on the real data, eg. open().
My guess would be that `test` does a stat() and checks st_mode against provided flags, so it's like only reading the metadata. The actual blocking/sandboxing happens on calls that have side effects on the real data, eg. open().