Software Alternatives & Reviews

Show HN: Porting OpenBSD Pledge() to Linux

Firejail Bubblewrap
  1. security sandbox
    Pricing:
    • Open Source
    I am just its (mostly happy) user. I wrote that rule on my phone, so you are right, it is not complete. On the other hand, raw sockets require the CAP_NET_RAW capability, which is often assigned to root only, so running a capability-untreated binary as an unprivileged user should not allow any raw socket ops (ping often uses file capabilities or setuid root). AFAIK it requires root to load/reload profiles. And that is fine for me; my use case is hardening of services running on my server. For ad-hoc restriction of untrusted software you can already use stuff like Firejail https://firejail.wordpress.com/ I just don't think a new syscall would be such a benefit, but I am not the one to decide. :)


  2. Unprivileged sandboxing tool
    How does this approach for sandboxing compare to the bubblewrap that uses namespaces? https://github.com/containers/bubblewrap.

