compare this project with some other similars

2023-11-02 00:21:52 +08:00 · 2023-11-02 00:21:52 +08:00 · d925fda57b
commit d925fda57b
parent 3284a7297d
1 changed files with 7 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -56,3 +56,10 @@ cargo build
 - 看看怎么样对特定的 syscall 限制参数，尤其是
    - execve
    - prctl
 ## 比较相近的项目
 - [cloudflare/sandbox](https://github.com/cloudflare/sandbox): cloudflare/sandbox 在运行时配置规则，我们是在构建时配置规则
    - [Cloudflare | Sandboxing in Linux with zero lines of code](https://blog.cloudflare.com/sandboxing-in-linux-with-zero-lines-of-code/): cloudflare 写了一篇博客讲解 seccomp 工作机制和 sandbox 使用
 - [google/nsjail](https://github.com/google/nsjail): 隔离更全面，使用了命名空间和 cgroup 来限制访问，是一个类似于容器但是目标主要是解决安全问题的解决方案
    - [Figma | Server-side sandboxing: Containers and seccomp](https://www.figma.com/blog/server-side-sandboxing-containers-and-seccomp) figma 的 use case