|
|
|
|
|
|
by corv
231 days ago
|
|
|
We've been exploring libseccomp/BPF filters on top of bubblewrap namespaces for LLM sandboxing - the BPF layer lets you go beyond read-only mounts to syscall restrictions. Open to collaboration on pushing this further: https://github.com/corv89/shannot |
|
|