>the binary is smaller and thus offers less attack surface, which I think is the usual concern.
Another concern is the huge attack surface that is the Linux kernel.
Firejail attempts to mitigate that with seccomp filters.