Interesting! The sandboxing space definitely deserves more attention. On the oth... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		corv 7 days ago \| parent \| context \| favorite \| on: The Paranoid Guide to Running Copilot CLI in a Sec... Interesting! The sandboxing space definitely deserves more attention. On the other side of the spectrum, we're working on a lightweight approach that augments user namespaces with libseccomp to filter syscalls via BPF. https://github.com/corv89/shannot

jaytaylor 7 days ago [–]

Leash does it via eBPF today. Are you open to a collab?

corv 7 days ago | [–]

Absolutely. I’ll send you an email

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact