-
1. How do we leverage seccomp_export_bpf to generate rules? Is there a tool available? Does passing the compiled list to `--seccomp` result in rules to be whitelisted or blacklisted?
2. If bwrap cr…
-
Hi! I just found this project and I did something [very similar](https://github.com/kurnevsky/nixfiles/tree/master/modules/sandbox) for myself. I'm considering migrating but I currently have some feat…
-
**What happened**:
A clear and concise description of what the bug is.
Spin up a VM using the network binding plugin for passt interfaces following https://kubevirt.io/user-guide/network/net_b…
-
(This is more of a question, but I wasn't sure where to post this other than the issue tracker.)
I'm trying to use `crun` as the back-end for a sandboxing tool that makes it possible to modify a cont…
-
https://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg68506.html
https://www.spinics.net/lists/linux-btrfs/msg69830.html
Someone in the mailing list told me that duperemove will unshare my s…
-
There's nothing specific on this question in Github issue history or `git log -Gunshare`. The outcome of this ticket would be replacing mnexec with unshare(1) (ubuntu util-linux) or a comment in mnexe…
ghost updated
2 years ago
-
As @adrelanos suggested on the Whonix forum, it would be desirable to implement a Linux Namespaces wrapper for Horklump, so that even if a malicious tracee escapes from the ptrace sandbox, it still wo…
-
**Baikal version**: 0.9.5
**Expected behaviour**: 1. When I create a list from iOS reminder app, I expect the list private.
**Current behaviour**: 2. The list is always marked as "shared". Even…
-
New commands added in cf cli 6.35.0:
```NAME:
share-service - Share a service instance with another space
USAGE:
cf share-service SERVICE_INSTANCE -s OTHER_SPACE [-o OTHER_ORG]
OPTION…
-
### Expected behaviour
Unshare option should be possible when offline
### Actual behaviour
![screen shot 2016-12-14 at 17 20 40](https://cloud.githubusercontent.com/assets/12275313/21190504/4b1…