Y
Hacker News
new
|
ask
|
show
|
jobs
by
dguido
3962 days ago
You should try using nsjail, which makes using namespaces and seccomp-bpf easy. It's very simple, it's made to wrap existing programs with a single command line invocation. Done and done.
https://github.com/google/nsjail