Hacker News new | ask | show | jobs
by corv 216 days ago
Interesting! The sandboxing space definitely deserves more attention.

On the other side of the spectrum, we're working on a lightweight approach that augments user namespaces with libseccomp to filter syscalls via BPF.

https://github.com/corv89/shannot
1 comments
jaytaylor 215 days ago
Leash does it via eBPF today. Are you open to a collab?
link
corv 215 days ago
Absolutely. I’ll send you an email
link