Filesystem sandboxing with eBPF
Filesystem sandboxing with eBPF
[Development] Posted Nov 6, 2019 22:40 UTC (Wed) by jake
Running untrusted code in a safe manner is generally the goal of sandboxing efforts. The sandbox technique presented by Georgia Tech PhD student Ashish Bijlani at Open Source Summit Europe 2019 is no exception. He has used something of a novel scheme to allow unprivileged code to implement the sandbox policies using BPF; the policies are then enforced by the kernel.