Description
Linux syscall filtering support lets applications restrict which system calls a process may make. It is useful for sandboxing, containers, service hardening, and limiting the damage a compromised program can do.
This is a low-level security library, not a complete sandbox policy. Incorrect filters can break applications or leave gaps, so profiles should be tested carefully.