Yeah, the seccomp limitation that it can't deref pointer arguments makes things ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

Ua2Reemo on Sept 25, 2018 | parent | context | favorite | on: Killing processes that don't want to die

Yeah, the seccomp limitation that it can't deref pointer arguments makes things a lot less elegant than pledge.

But at least unveil can be implemented via mount namespaces.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact