Open avsm opened 9 years ago
Maybe use release for this: https://github.com/andrenth/release
Not sure what the point of this would be, but if you do need to sandbox it, it should probably be done in a thorough fashion:
shm*()
).uid
/gid
, euid
and egid
should be set accordinglyseccomp-bpf
whitelisting should be used to limit system callsmount
and network
namespaces, probably process
namespace too)Additional resources:
patches welcome. I also stumbled upon https://github.com/haesbaert/hdhcp/commit/de2c28fcecac92d224d795643062cb2c1a773442 recently
See stud's command-line options: