On 02/11/2014 11:36 AM, Jason A. Donenfeld wrote: > Hey folks, > > Late night clicking-while-drooling, I came across something a few > minutes ago that mildly piqued my interest -- mbox > <http://pdos.csail.mit.edu/mbox/>. It's a sandbox that uses a > combination of ptrace and seccomp bpf; neither ours nor exherbo's uses > both of these together. The killer feature, for us, that's motivating > me to write to this list, is that it creates a "shadow file system", > and then has the option to commit the changes of that file system to > the real file system, piece by piece, when the process is done. It > made me think of some discussions we had at FOSDEM about Portage > evolution and whatnot. I haven't looked at this tool past an initial > glance, but it does look like interesting food for thought. > > Jason >
Looks interesting. It reminds me somewhat of autodep[1]. [1]: http://soc.dev.gentoo.org/~bay/autodep/intro.html
