Show HN: Z-Jail – A 130 KB Linux sandbox-C99 with 7 defense layers and zero deps
Linuxsandboxnamespacesseccomp-bpfcapability droppingverdict enginesecurityauditable code execution
Author: Zierax
Date: 7/1/2026
Article Summary:
A lightweight, multi-layer Linux sandbox combining namespaces, pivot_root, seccomp-bpf, capability dropping, and an evidence-based verdict engine for secure, auditable code execution.