I'd like to improve the documentation (if possible) to your existing documentation on sandboxing. What levels of sandboxing and what choices do we have? You only mention setuid, is that because the user namespace sandbox isn't supported? What about seccomp-bpf?
I'd like to improve the documentation (if possible) to your existing documentation on sandboxing. What levels of sandboxing and what choices do we have? You only mention setuid, is that because the user namespace sandbox isn't supported? What about seccomp-bpf?