
Lightweight Filesystem sandboxing with eBPF - riyakhanna1983
https://lwn.net/Articles/803890/
======
riyakhanna1983
code is now available:
[https://github.com/sandfs/LibSandFS](https://github.com/sandfs/LibSandFS)

~~~
T3OU-736
This damned cool, and neat!

I do wonder if this can be combined with something like whitelisting based on
some criteria. A _very_ unthought-through version would be checking a SHA-512
sum of a binary or some such.

Either way, a neat tool in the toolbox.

------
jedisct1
Linux users keep being jealous of OpenBSD's pledge(2) and unveil(2) system
calls.

