Y
Hacker News
new
|
ask
|
show
|
jobs
by
protomyth
2541 days ago
So, we need a version of pledge from OpenBSD that can surround components / classes
https://man.openbsd.org/pledge.2
https://www.youtube.com/watch?v=bXO6nelFt-E
1 comments
nneonneo
2541 days ago
Linux has seccomp for the same purpose. The most restrictive mode of seccomp permits only read, write and exit, which is good for a jailed CPU-only process (read/write commands from a pipe and exit when done - no opening new files or sockets).
link