on linux the low-level building blocks that can achieve similar are seccomp and namespaces, but the only abstractions that I am aware of involve separate launcher processes like runc[0] or firejail[1].
A library providing similar functionality to pledge that could be added during application startup or when doing fork+exec would be great.
on linux the low-level building blocks that can achieve similar are seccomp and namespaces, but the only abstractions that I am aware of involve separate launcher processes like runc[0] or firejail[1].
A library providing similar functionality to pledge that could be added during application startup or when doing fork+exec would be great.
[0] https://github.com/opencontainers/runtime-spec/blob/master/c... [1] https://firejail.wordpress.com/features-3/