Y
Hacker News
new
|
ask
|
show
|
jobs
by
bloppe
141 days ago
You could provide decently meaningful and targeted sandboxing using mount namespaces and an overlay FS, while retaining sudo privileges for what you need to do.