(no title)
corv
|
4 months ago
We've been exploring libseccomp/BPF filters on top of bubblewrap namespaces for LLM sandboxing - the BPF layer lets you go beyond read-only mounts to syscall restrictions. Open to collaboration on pushing this further: https://github.com/corv89/shannot
No comments yet.