Per thread syscalls filtering #1
Description
Description:
Currently, restrict applies syscall filters globally. It would be useful to support per-thread filtering, so plugins/workers can have different restrictions (e.g., a thread handling file I/O vs. one executing untrusted code).
Use Case:
Prevent a background thread from execve while allowing it in the main thread.