Lennart Poettering has informed
the world that the systemd init daemon now has initial support for the
seccomp filter mechanism found in the 3.5
kernel. The end result is that processes can be easily configured to be
run in a sandboxed environment. "It's actually really cool, and dead
simple to use. A Cheers! for security!"