|
|
|
|
|
|
by _slih
108 days ago
|
|
|
subtraction vs filtration is the right framing even if the article is slop. removing capabilities is structurally different from filtering syscalls because the set of things to filter grows every kernel release but the set of things a process actually needs doesn't. |
|
|