Figure 1: The p9ufs 9P server has read-only access to the global /srv/git directory and is owned by the git user (the listen user wouldn't be able to read /srv/git). This access is transferred, via the /run/9p/git socket and a 9P FUSE mount, to the namespace of the git service script, which is itself owned by listen. The git service script itself is never started; instead, /srv/tcp9418.namespace sets up a loopback network interface, starts the git daemon, and hijacks the usual procedure by launching so...