Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Lightweight Filesystem sandboxing with eBPF (lwn.net)
32 points by riyakhanna1983 on Nov 22, 2019 | hide | past | favorite | 3 comments


code is now available: https://github.com/sandfs/LibSandFS


This damned cool, and neat!

I do wonder if this can be combined with something like whitelisting based on some criteria. A _very_ unthought-through version would be checking a SHA-512 sum of a binary or some such.

Either way, a neat tool in the toolbox.


Linux users keep being jealous of OpenBSD's pledge(2) and unveil(2) system calls.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: