by gizmo686 102 days ago
You can mostly do that with Seccomp on Linux (I have no experience with FreeBSD).

Child processes inherit the restrictions from the parent. You can therefore have the parent fork, set up its rules, then exec. This is exactly how syscall filtering (and a bunch of other lockdowns) are implemented in systemd.