by badalex 3879 days ago
It's not much different than seccomp/systrace/apparmor/grsec rbac/selinux in that regard. It's per process. So sure, if the plugin forks it could pledge(). Much the same way the plugin could seccomp once forked. Otherwise the plugin's rules would be applied to the application.

All the same, even if the app used it with most syscalls enabled, it would reduce the attack surface.


Actually seccomp is per-thread. Small difference, but it does make some lighter use possible in case of plugins.
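An added illustration of the per-thread point above (not code from either commenter): a "plugin" thread installs a Linux seccomp-BPF filter that makes getpid(2) fail with EPERM, without SECCOMP_FILTER_FLAG_TSYNC, and the host thread then checks that its own getpid(2) still works. It assumes a Linux kernel with seccomp filter support; where the filter cannot be installed the probe reports -1 instead of a result.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <pthread.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Install, in the calling thread only (no TSYNC), a filter that turns
 * getpid(2) into EPERM and allows everything else.
 * Returns 0 on success, -1 if seccomp could not be installed here. */
static int install_getpid_block(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getpid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(filter) / sizeof(filter[0]),
                               .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Sandboxed "plugin" thread: apply the filter, then probe getpid(2).
 * Writes 1 if blocked as expected, 0 if not, -1 if seccomp is unavailable. */
static void *plugin_thread(void *arg)
{
    int *out = arg;
    if (install_getpid_block() != 0) { *out = -1; return NULL; }
    errno = 0;
    *out = (syscall(SYS_getpid) == -1 && errno == EPERM) ? 1 : 0;
    return NULL;
}

/* Returns 1 if the filter bound only the plugin thread (host unaffected),
 * 0 if the host thread was also restricted, -1 if seccomp was unavailable. */
int seccomp_is_per_thread(void)
{
    int plugin_blocked = 0;
    pthread_t t;
    if (pthread_create(&t, NULL, plugin_thread, &plugin_blocked) != 0) return -1;
    pthread_join(t, NULL);
    if (plugin_blocked != 1) return plugin_blocked;
    return (syscall(SYS_getpid) > 0) ? 1 : 0;   /* host thread: still allowed */
}
```

The same filter installed with SECCOMP_FILTER_FLAG_TSYNC via seccomp(2) would instead be applied to every thread in the process, which is the behaviour a pledge()-style per-process sandbox gives by default.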