Description
Helps programs restrict which Linux system calls they are allowed to use. This is a common sandboxing technique that can reduce damage if a process is exploited or behaves incorrectly.
It is a security building block rather than a standalone app. Browsers, container tools, services, and hardened applications may depend on it.