Hacker News new | ask | show | jobs
by cycloptic 1908 days ago
The safest way to do it would be to implement it with seccomp so you unconditionally block those syscalls.