Description
Processes can be isolated with Linux namespaces and seccomp-bpf syscall filters for sandboxing or controlled execution. This helps developers and security teams limit what a test program can see or do.
Sandbox configuration mistakes can still expose files, devices, or network access. Apply reviewed policies, and do not assume isolation is complete without testing the exact command and environment.
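One way to test a sandboxed command, shown as an added example that is not code from this page or from any particular sandbox tool: it reads the Linux `/proc/<pid>/status` fields `Seccomp`, `NoNewPrivs` and `CapEff` and compares the `/proc/<pid>/ns` links against the host's. The function names are hypothetical and the sample status text and namespace ids are constructed.

```python
import os

NS_KINDS = ("mnt", "pid", "net", "user", "ipc", "uts")  # entries under /proc/<pid>/ns
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}  # Seccomp: field values

def parse_status(text):
    """Return the 'Key: value' fields of a /proc/<pid>/status file as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def read_ns(pid):
    """Namespace links of a live process, e.g. {'net': 'net:[4026531840]', ...}."""
    return {k: os.readlink(f"/proc/{pid}/ns/{k}") for k in NS_KINDS}

def audit(status_text, sandbox_ns, host_ns):
    """List coarse isolation gaps for one sandboxed process (hypothetical helper)."""
    findings = []
    st = parse_status(status_text)
    mode = SECCOMP_MODES.get(st.get("Seccomp"), "unknown")
    if mode != "filter":
        findings.append(f"seccomp-bpf filter not active (mode: {mode})")
    if st.get("NoNewPrivs") != "1":
        findings.append("no_new_privs not set")
    if int(st.get("CapEff", "0"), 16) != 0:
        findings.append(f"effective capabilities remain: {st['CapEff']}")
    for kind in NS_KINDS:
        if sandbox_ns.get(kind) == host_ns.get(kind):
            findings.append(f"{kind} namespace shared with host")
    return findings

# Constructed sample data (not captured from a real system).
HOST_NS = {k: f"{k}:[40265318{i:02d}]" for i, k in enumerate(NS_KINDS)}
TIGHT_NS = {k: f"{k}:[40265325{i:02d}]" for i, k in enumerate(NS_KINDS)}
LEAKY_NS = dict(TIGHT_NS, net=HOST_NS["net"])  # network namespace left shared
TIGHT_STATUS = "Name:\tcat\nNoNewPrivs:\t1\nSeccomp:\t2\nCapEff:\t0000000000000000\n"
LEAKY_STATUS = "Name:\tcat\nNoNewPrivs:\t0\nSeccomp:\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for name, st, ns in (("tight", TIGHT_STATUS, TIGHT_NS), ("leaky", LEAKY_STATUS, LEAKY_NS)):
        print(name, audit(st, ns, HOST_NS) or "no coarse gaps found")
    # Live use (reading PID 1's links normally needs root):
    # audit(open(f"/proc/{pid}/status").read(), read_ns(pid), read_ns(1))
```

An empty result only means these coarse properties are in place; a separate mount namespace can still contain bind-mounted host paths or device nodes, so file and device exposure has to be checked from inside the sandbox with the exact command being run.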