search

darwin-containers / rund

OCI Container Runtime for Darwin
Apache License 2.0
432 stars 13 forks source link

Harden isolation using `sandbox-exec` #15

Open slonopotamus opened 9 months ago

slonopotamus commented 9 months ago

Potential ways are:

  1. Complete disabling of network
  2. Limiting of kernel syscalls
  3. ?