The best bet would probably be to write a Ruby (FFI) wrapper to libseccomp.
That's something I've wanted for a long time.

On Tue, Dec 29, 2015 at 2:34 PM, Tim Frster <ruby / mailserver.1n3t.de>
wrote:

> Hey, i've watched fefe's talk on 32c3, he described / presented a really
> instresting part of privilege seperation. In c you will be able by using
> seccomp filters to restrict the priviliges to the only ones you need. Would
> it be possible to provide a ruby API which interacts directly with the
> kernel?
> --
> timmy
>
> Unsubscribe: <mailto:ruby-talk-request / ruby-lang.org?subject=unsubscribe>
> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk>
>
>


-- 
Tony Arcieri
(supressed text/html)
Unsubscribe: <mailto:ruby-talk-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk>