Hacker News
by udev4096 362 days ago
Using a container sandbox such as gVisor would definitely help. Or even using Firejail for normal systemd processes.