
Restricting pathname resolution with AT_NO_JUMPS - gbrown_
https://lwn.net/Articles/723057/
======
emaste
This is very similar to an idea introduced in FreeBSD's Capsicum sandboxing
framework[1] some time ago. Google's David Drysdale proposed a patch in 2014
to add this to Linux but it didn't go anywhere; I'm hopeful that this time
Linux will add this support.

[1] http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf

[2] https://lkml.org/lkml/2014/11/4/218

