Add seccomp and rules imported from xdg-app/Sandstorm.io

seccomp is disabled by default for backwards compatibility. This "v0" version is a basic blacklist that turns off some of the known historical attack surface, initially imported from xdg-app. I added a note about code sharing - we should share rules among container implementations.
author: Colin Walters <walters@verbum.org> 2015-08-28 08:47:33 -0400
committer: Colin Walters <walters@verbum.org> 2015-08-28 09:15:11 -0400
commit: 8cee4ab7345f126d1dec55b7ca1f28e8090a58d3 (patch)
tree: b2c60c914d3202f6ccf2bc6b8553af15cba25ed8 /TODO
parent: 99a02e4114b06edf6c03fcc01e09c137f1fc67dd (diff)
download: linux-user-chroot-8cee4ab7345f126d1dec55b7ca1f28e8090a58d3.tar.gz
1 files changed, 0 insertions, 1 deletions
diff --git a/TODO b/TODO
index 3f32083..e69de29 100644
--- a/TODO
+++ b/TODO
@@ -1 +0,0 @@
-* seccomp support
author	Colin Walters <walters@verbum.org>	2015-08-28 08:47:33 -0400
committer	Colin Walters <walters@verbum.org>	2015-08-28 09:15:11 -0400
commit	8cee4ab7345f126d1dec55b7ca1f28e8090a58d3 (patch)
tree	b2c60c914d3202f6ccf2bc6b8553af15cba25ed8 /TODO
parent	99a02e4114b06edf6c03fcc01e09c137f1fc67dd (diff)
download	linux-user-chroot-8cee4ab7345f126d1dec55b7ca1f28e8090a58d3.tar.gz