The namei facility will leak a small amount of kernel memory every time a sandboxed process looks up a nonexistent path name. Continue reading...