our sandbox framework is called Oz and is written in Golang, technical walkthrough here:https://github.com/subgraph/oz/wiki/Oz-Technical-Details …
Chrome's sandboxing is pretty great, but I'm biased. Browsers are complex: you want them to have integrated sandboxing
-
-
-
Oz and minijail sound like they have a lot in common. Are you using pid and user namespaces too?
-
pid, not user (and we ship with a grsec/PaX + RAP kernel)
End of conversation
New conversation -
-
-
though we agree w/Kees here, in
@subgraph OS we sandbox the browser & other risky apps & use strict syscall filters.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.