|
|
|
|
|
|
by zurn
4446 days ago
|
|
|
The Chrome sandbox setup doesn't correspond to a regular linux application talking to the kernel though. It has a 2-layer sandbox, with the seccomp-bpf and setuid sandboxes. They restrict the kernel interface to a whitelisted subset. |
|
|