seccomp Sandboxing · Syscall Allow-List
unseel.com · BPF filter · KILL vs ALLOW · kernel attack surface
Allowed 0
Blocked 0
State
process & syscall
allowed → kernel
blocked · SIGSYS kill
seccomp-BPF gate
Unseel.com · seccomp Sandboxing