by antpls 2357 days ago
> If you really want to do syscall filtering to confine an untrusted process (as opposed to reducing attack surface from potential bugs in otherwise-permissible syscalls, which is I think Docker's goal), you need to start from empty and allow syscalls instead of starting from full and blocking them. Alternatively, maybe just run the untrusted code as another user account or something.

It looks like the gVisor approach for containers (reimplementing parts of the kernel syscalls in userspace and disallowing the rest)
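Added example, not from either commenter: a minimal seccomp-BPF allowlist that "starts from empty" as the quoted reply describes, built by hand with the raw BPF macros so there is no libseccomp dependency. Everything here is an assumption of mine (Linux with kernel headers, x86_64 or aarch64, and the illustrative eight-syscall allowlist); the `decide()` helper runs the built program through a tiny interpreter for the three opcodes used, so the policy can be checked offline, and `install_allowlist()` installs it for real with PR_SET_NO_NEW_PRIVS, which is what an unprivileged process needs before PR_SET_SECCOMP.

```c
/* Added example (not from the thread): seccomp-BPF allowlist built "from empty".
 * Assumptions: Linux kernel headers present, x86_64 or aarch64, illustrative list. */
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers: kill whole process */
#endif

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Illustrative allowlist (my choice): a process that only reads, writes and exits. */
static const int allowed_syscalls[] = {
    __NR_read, __NR_write, __NR_exit, __NR_exit_group,
    __NR_brk, __NR_mmap, __NR_munmap, __NR_rt_sigreturn,
};
#define ALLOWED_COUNT (sizeof allowed_syscalls / sizeof allowed_syscalls[0])

/* Emit the program: check arch first (syscall numbers differ per ABI), then
 * compare nr with each allowed value; anything unmatched hits the default KILL. */
static size_t build_allowlist(const int *allowed, size_t n,
                              struct sock_filter *out, size_t cap)
{
    size_t need = 4 + 2 * n + 1;
    if (need > cap) return 0;
    size_t i = 0;
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, arch));
    out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    for (size_t j = 0; j < n; j++) {
        out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (uint32_t)allowed[j], 0, 1);
        out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    return i;
}

/* Tiny interpreter for the three opcodes the builder emits, so the policy can be
 * exercised without installing it into the running process. Fails closed. */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
                           const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (in->k + sizeof acc > sizeof *d) return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const char *)d + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS; /* opcode we never emit */
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end */
}

/* What would the allowlist do for syscall nr on the given arch? */
uint32_t decide(int nr, uint32_t arch)
{
    struct sock_filter prog[64];
    size_t len = build_allowlist(allowed_syscalls, ALLOWED_COUNT, prog, 64);
    struct seccomp_data d;
    memset(&d, 0, sizeof d);
    d.nr = nr;
    d.arch = arch;
    return len ? run_filter(prog, len, &d) : SECCOMP_RET_KILL_PROCESS;
}

/* Install for real; no_new_privs is required for an unprivileged caller. */
int install_allowlist(void)
{
    struct sock_filter prog[64];
    size_t len = build_allowlist(allowed_syscalls, ALLOWED_COUNT, prog, 64);
    if (!len) return -1;
    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    if (install_allowlist() != 0) { perror("seccomp"); return 1; }
    const char msg[] = "allowlist active: write() still works\n";
    write(1, msg, sizeof msg - 1);
    /* Any syscall not on the list (getpid, openat, ...) would now kill the process. */
    _exit(0);
}
```

The arch check is the part most often forgotten: without it a 32-bit ABI entered via the same process could map a different syscall onto an allowed number, so the filter kills on an unexpected `arch` before it even looks at `nr`. The allowlist here is deliberately tiny; a real sandboxed program is profiled (strace or the seccomp audit log) to find the set it actually needs, and the default action stays KILL rather than ERRNO so gaps surface loudly.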