by foresto 441 days ago
> There seems to be a fundamental mismatch between how sane people think about sandboxing, and how linux manages namespaces.

What bothers me most about sandboxing with linux namespaces is that edge cases keep turning up that allow them to trick the kernel into granting more privileges than it should.

I wonder if Landlock can/will bring something more like FreeBSD jails to the table. (I haven't made time to read about it in detail yet.)

1 comments

This is why I would still rather isolate using QEMU, Docker, or VirtualBox rather than a very thin chroot-like environment.
Docker uses namespaces by default. Are you using an add-on that makes it use a hypervisor instead?