I love the smell of

in the morning
Everything here is my opinion. I do not speak for your employer.
March 2015
April 2015

2015-03-07 »

Oh wow.  This is the first I've heard of seccomp(2), but it looks amazingly elegant.


In particular SECCOMP_SET_MODE_STRICT looks like it would be very easy to use (and pretty easy for any Unix-like kernel to implement) and would be great for things like packet parsers that just read stdin and write stdout.

My latest project is Tailscale: the easiest way to use WireGuard and 2FA.

Why would you follow me on twitter? Use RSS.