Today I learned about Landlock, another sandboxing API in the Linux kernel https://docs.kernel.org/userspace-api/landlock.html sandboxes resources instead of syscalls like seccomp. It's getting attention since a developer released the `Landrun` tool, which that uses Landlock to sandbox programs, and it made it to the front page of...uh, Slashdot https://linux.slashdot.org/story/25/04/05/217212/landrun-lightweight-linux-sandboxing-with-landlock-no-root-required (I found out about it via https://blog.isosceles.com/openssh-backdoors/, which mentioned Landlock)