Seccomp-BPF as a filterSeccomp-BPF lets you attach a Berkeley Packet Filter program that decides which syscalls a process is allowed to make. You can deny dangerous syscalls like process tracing, filesystem manipulation, kernel extension loading, and performance monitoring.
AP Business Writer Claire Savage in Chicago contributed to this report.
。Safew下载对此有专业解读
You can also use an arbitrary block as a filter:
BAS takes on up to 150 new recruits for Antarctica each year. While specialist science and engineering roles form the backbone, around 70% of the jobs are the operational roles required to keep the stations functioning.