Add seccomp and rules imported from xdg-app/Sandstorm.io
seccomp is disabled by default for backwards compatibility. This "v0" version is a basic blacklist that turns off some of the known historical attack surface, initially imported from xdg-app. I added a note about code sharing - we should share rules among container implementations.
parent
99a02e41
Please register or sign in to comment