These commits introduce the use of a seccomp supervisor that emulates for now the mknod and mknodat system calls. The supervisor checks that the user is requesting the creation of safe devices, like /dev/null or /dev/zero, and performs the actual system call in the host user namespace.
These commits introduce the use of a seccomp supervisor that emulates for now the mknod and mknodat system calls. The supervisor checks that the user is requesting the creation of safe devices, like /dev/null or /dev/zero, and performs the actual system call in the host user namespace.