seccomp Sandboxing ·
Syscall Allow-List
un
seel
.com · BPF filter · KILL vs ALLOW · kernel attack surface
Allowed
0
Blocked
0
State
—
process & syscall
allowed → kernel
blocked · SIGSYS kill
seccomp-BPF gate
▶ Play
←
→
🔇 Unmute
↻ Reset
Un
seel
.com · seccomp Sandboxing