Use gaol or seccomp for sandboxing

[Manishearth]

http://security.stackexchange.com/a/107853/7497

Docker has a blacklist approach for security, which isn't ideal. We should be using a whitelisting sandbox.

[DemiMarie]

Gaol has a fantastic approach to seccomp – the best I have ever seen in fact. However, it isn’t audited.

Fortunately, there is an equally good sandboxing tool which doesn’t even require root privileges! That tool is bubblewrap. It can use unprivileged user namespaces if available. Otherwise, it must be setuid root, but is still safe for unprivileged users to use. It also allows passing arbitrary seccomp filters via a file descriptor, and turning on/off access to the network.