Seccomp restricted
isolation-constraint · v1.0.0
Subprocess with seccomp filter — only whitelisted syscalls allowed. No network; scoped filesystem.
Isolation
- Process
subprocess- Network
none- Filesystem
scoped- Scoped paths
${WORKSPACE_ROOT}
Raw atom
/atoms/isolation-constraint/seccomp-restricted.json · schema