Hacker News new | ask | show | jobs
by rkeene2 532 days ago
I've used seccomp in the past to create a read-only root.

I created a seccomp DSL to make this kind of stuff easier [0] (an example of dropping network access is at [1])

[0] https://chiselapp.com/user/rkeene/repository/bash-drop-netwo...

[1] https://chiselapp.com/user/rkeene/repository/bash-drop-netwo...