by plietar 3455 days ago
I did this once, by writing a small C program which sets up the seccomp context before exec'ing the Go binary. Unfortunately Go's runtime makes a huge number of system calls in the background, and the whitelist kept growing.

Switched to Rust and there was only one hidden system call left, getrandom, used to initialize the hashmap.
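The "small C program which sets up the seccomp context before exec'ing" pattern, as an added illustration (this is not plietar's program, and the allow-list in it is an assumption chosen to cover execve, the dynamic loader and a trivial target; a real Go binary needs many more entries, which is the growth the comment describes). It builds a classic-BPF allow-list filter, installs it with `PR_SET_NO_NEW_PRIVS` + `PR_SET_SECCOMP`, and then `execv`s the target so the new image inherits the filter. A tiny interpreter for the three BPF opcodes used lets you check a list's verdicts offline before risking a `SIGSYS`:

```c
/* seccomp-exec: install a syscall allow-list, then exec the target.
 * Added example, not plietar's code.  Build: cc -O2 -o seccomp-exec seccomp-exec.c
 * Usage: ./seccomp-exec /path/to/binary [args...]   (Linux, x86_64 or aarch64) */
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U   /* headers older than 4.14 */
#endif

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Illustrative allow-list (an assumption, not a measured set): enough for
 * execve() itself, the dynamic loader and a trivial program.  Extend it as
 * `strace -f` on the target shows more; a Go runtime needs far more entries. */
static const int allowed[] = {
    SYS_execve, SYS_brk, SYS_mmap, SYS_munmap, SYS_mprotect, SYS_openat,
    SYS_read, SYS_pread64, SYS_write, SYS_close, SYS_newfstatat, SYS_getrandom,
    SYS_rt_sigaction, SYS_rt_sigprocmask, SYS_rt_sigreturn, SYS_set_tid_address,
    SYS_set_robust_list, SYS_prlimit64, SYS_futex, SYS_exit, SYS_exit_group,
#ifdef SYS_arch_prctl
    SYS_arch_prctl,                            /* x86_64 only: TLS setup */
#endif
#ifdef SYS_rseq
    SYS_rseq,                                  /* newer glibc */
#endif
};
#define ALLOWED_COUNT (sizeof(allowed) / sizeof(allowed[0]))

/* Emit the BPF program:
 *   if (arch != SANDBOX_ARCH) kill;           (blocks the compat/32-bit ABI)
 *   if (nr == nrs[0] || nr == nrs[1] || ...) allow; else kill;
 * Each JEQ jumps straight to the trailing RET ALLOW, so the offset (n - j)
 * must fit in a byte.  Returns the instruction count (n + 6) or -1 if it
 * would not fit in `cap` instructions. */
int build_allowlist_filter(struct sock_filter *prog, size_t cap,
                           const int *nrs, size_t n)
{
    if (n > 255 || n + 6 > cap) return -1;
    size_t i = 0;
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, arch));
    prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, nr));
    for (size_t j = 0; j < n; j++)
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                 (unsigned)nrs[j], (unsigned char)(n - j), 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return (int)i;
}

/* Offline evaluator for the three opcodes build_allowlist_filter() emits.
 * Returns the SECCOMP_RET_* verdict the kernel would give for (arch, nr). */
unsigned int filter_verdict(const struct sock_filter *prog, size_t len,
                            unsigned int arch, unsigned int nr)
{
    unsigned int acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            acc = (in->k == offsetof(struct seccomp_data, arch)) ? arch : nr;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;   /* opcode we never emit */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;            /* fell off the end */
}

int main(int argc, char **argv)
{
    struct sock_filter prog[64];
    if (argc < 2) { fprintf(stderr, "usage: %s PROGRAM [ARGS...]\n", argv[0]); return 2; }
    int len = build_allowlist_filter(prog, 64, allowed, ALLOWED_COUNT);
    if (len < 0) { fputs("filter too large\n", stderr); return 1; }
    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||      /* required when unprivileged */
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog)) {
        perror("prctl");
        return 1;
    }
    execv(argv[1], argv + 1);   /* from here on, any unlisted syscall kills the process */
    perror("execv");
    return 127;
}
```

While building the list, swapping the default `SECCOMP_RET_KILL_PROCESS` for `SECCOMP_RET_LOG` (or `SECCOMP_RET_ERRNO`) and reading the audit log, or running the target under `strace -f`, is the practical way to discover the hidden runtime syscalls the comment complains about; switch back to kill once the list is stable. The arch check matters because syscall numbers differ between the 64-bit and compat ABIs, so a filter keyed on `nr` alone can be bypassed by a 32-bit `int 0x80` entry on x86.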