New blog post outlining the implementation of Seccomp and Seccomp-BPF https://illogicalexpressions.com/linux/2016/08/31/seccomp-and-seccomp-bpf.html …
-
-
Replying to @ajxchapman @noxrnet
might make sense to point readers to libseccomp, which can generate seccomp filters and takes care of things like the arch check
2 replies 0 retweets 0 likes -
Replying to @tehjh
probably best to say it's not meant to be used in this way then. Cheers for the input
1 reply 0 retweets 0 likes
Replying to @ajxchapman @noxrnet
afaik usual usage are "(trusted) binary sandboxes itself" and "a whole container is sandboxed" (execve must be permitted anyway)
1:37 PM - 4 Sep 2016
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.