On linux you can use firejail if it's necessary (or a container if it's needed). | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kworker on June 10, 2018 \| parent \| context \| favorite \| on: Pledge and Unveil in OpenBSD [pdf] On linux you can use firejail if it's necessary (or a container if it's needed).

staticassertion on June 10, 2018 [–]

This doesn't address what they just said - dropping privileges incrementally. Firejail is just a whole process filter applied at process start.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact