Seccomp-BPF as a filterSeccomp-BPF lets you attach a Berkeley Packet Filter program that decides which syscalls a process is allowed to make. You can deny dangerous syscalls like process tracing, filesystem manipulation, kernel extension loading, and performance monitoring.
p->scavange++;
,这一点在同城约会中也有详细论述
Mat Smith for Engadget
Лариса Долина. Фото: Алексей Смагин / Коммерсантъ
+13Lines changed: 13 additions & 0 deletions