Hacker News new | past | comments | ask | show | jobs | submit login

It's way simpler. Seccomp is a pita to keep current and complete. Landlock is higher level with concepts of filesystem locations rather than basic low level ops.



Thanks for explaining. I had tried using seccomp in some previous incarnation, before it allowed passing in ebpf filters, and it was just too restrictive so had to abandon that effort.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: