This is a work in progress.
Contain can now handle multiple schemes. It can either chroot on the file: scheme, or it can act as a filter, allowing access only to the schemes, directories and files that are named at startup. Most capabilities can be configured via the command line.
There may be some overlap with the way relibc does canonicalization, but contain will also guard against improper use of symbolic links via direct syscalls (which bypass relibc's canonicalization).
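As an added illustration of the filter mode and the canonicalization concern in the two paragraphs above (this is example code, not contain's own or relibc's), the block below implements a small allow-list over `scheme:/path` targets: each scheme named at startup gets a list of directory prefixes, paths are lexically normalized so `..` cannot climb out of a granted prefix, and a `..` that would climb above the scheme root is refused outright. The names `AllowList`, `Verdict`, `normalize` and `split_scheme` are invented here, and the assumption that a bare path with no scheme belongs to `file:` is this example's, not something the page states. It deliberately does not follow symbolic links; that is exactly the gap a real sandbox has to close at open time.

```rust
// Added example, not code from Redox's `contain`: a minimal allow-list filter
// for scheme-prefixed targets ("scheme:/path") in the spirit of contain's
// filter mode. All names here (`AllowList`, `Verdict`, `normalize`,
// `split_scheme`) are invented for this example; contain's real interface may differ.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Allow,
    /// The scheme was not named at startup.
    DenyScheme,
    /// The scheme is allowed but the path is outside every granted prefix.
    DenyPath,
    /// A ".." component would climb above the scheme root.
    DenyTraversal,
}

/// Lexically normalize a path: drop empty and "." components, resolve "..",
/// and refuse any ".." that would climb above the root. This does NOT follow
/// symbolic links; a real sandbox must still resolve those at open time.
pub fn normalize(path: &str) -> Option<Vec<String>> {
    let mut out = Vec::new();
    for comp in path.split('/') {
        match comp {
            "" | "." => {}
            ".." => {
                out.pop()?; // nothing to pop: attempted escape above the root
            }
            c => out.push(c.to_string()),
        }
    }
    Some(out)
}

/// Split "scheme:path" into (scheme, path). A target with no scheme is treated
/// as a `file:` path (assumption made for this example).
fn split_scheme(target: &str) -> (&str, &str) {
    match target.split_once(':') {
        Some((s, rest)) if !s.is_empty() && !s.contains('/') => (s, rest),
        _ => ("file", target),
    }
}

/// Scheme -> list of normalized path prefixes granted at startup. A prefix of
/// "/" normalizes to an empty component list and therefore grants the whole scheme.
#[derive(Default)]
pub struct AllowList {
    rules: HashMap<String, Vec<Vec<String>>>,
}

impl AllowList {
    pub fn new() -> Self {
        Self::default()
    }

    /// Grant access to `prefix` under `scheme`. Returns false (and grants
    /// nothing) if the prefix itself tries to escape the root.
    pub fn allow(&mut self, scheme: &str, prefix: &str) -> bool {
        match normalize(prefix) {
            Some(p) => {
                self.rules.entry(scheme.to_string()).or_default().push(p);
                true
            }
            None => false,
        }
    }

    /// Decide whether `target` may be opened under the rules granted so far.
    pub fn check(&self, target: &str) -> Verdict {
        let (scheme, path) = split_scheme(target);
        let prefixes = match self.rules.get(scheme) {
            Some(p) => p,
            None => return Verdict::DenyScheme,
        };
        let comps = match normalize(path) {
            Some(c) => c,
            None => return Verdict::DenyTraversal,
        };
        // Component-wise prefix match, so "/etc" does not cover "/etcetera".
        if prefixes.iter().any(|p| comps.starts_with(p)) {
            Verdict::Allow
        } else {
            Verdict::DenyPath
        }
    }
}

fn main() {
    let mut list = AllowList::new();
    list.allow("file", "/etc");
    list.allow("file", "/tmp/sandbox");
    list.allow("rand", "/");
    // Constructed sample targets, mixing explicit schemes, bare paths and traversal attempts.
    for t in [
        "file:/etc/passwd",
        "/etc/../etc/hosts",
        "file:/etcetera",
        "file:/tmp/sandbox/../../root",
        "file:/../etc/passwd",
        "pty:/0",
        "rand:",
    ] {
        println!("{t:<32} -> {:?}", list.check(t));
    }
}
```

Because the match is component-wise on the normalized path, a target that walks out of a granted directory with `..` and back into a different one is judged by where it ends up, not by its textual prefix; the remaining hole is a symbolic link inside a granted directory pointing elsewhere, which no lexical check can see.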
It is intended that we can use contain to guard against misuse of the pty: scheme, but I don't know enough about what should be allowed to complete that yet.
There is currently a mix of syscall interfaces in use. There seem to be some things missing from libredox, so that should be discussed once contain is closer to being ready.