Add seccomp and rules imported from xdg-app/Sandstorm.io
seccomp is disabled by default for backwards compatibility. This "v0" version is a basic blacklist that turns off some of the known historical attack surface, initially imported from xdg-app. I added a note about code sharing - we should share rules among container implementations.
Showing with 301 additions and 3 deletions