The sandbox system call API is a simple yet powerful mechanism for
confining untrusted code. It is similar to chroot() and BSD jails, but has
much greater flexibility and expressive power. The code is mostly complete
but not yet fully functional.
Be the first to post a review of Sandbox System Call API for Linux!