Comment by corv
6 hours ago
Interesting! The sandboxing space definitely deserves more attention.
On the other side of the spectrum, we're working on a lightweight approach that augments user namespaces with libseccomp to filter syscalls via BPF.
6 hours ago
Interesting! The sandboxing space definitely deserves more attention.
On the other side of the spectrum, we're working on a lightweight approach that augments user namespaces with libseccomp to filter syscalls via BPF.
Leash does it via eBPF today. Are you open to a collab?
Absolutely. I’ll send you an email