Hacker News new | past | comments | ask | show | jobs | submit login

SECCOMP_SET_MODE_STRICT is pretty hard to use - you cannot allocate memory for example.



I did not realize that. Given that, I was incorrect when I said that the author (or anyone) could easily use seccomp MODE_STRICT.

Capsicum may still be easy to use. And seccomp-bpf is not that complex either.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: