I’d like to sandbox a Rust program using seccomp (libseccomp v2.3) on Linux.
The problem I’m running into is that Rust (or std) executes
sigaltstack call after
main() exits, and this causes the process to be killed for seccomp violation. I’ve tried to allow this call (
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sigaltstack), 0)), but it doesn’t seem to have effect.
How can I allow
sigaltstack for Rust? Or is it possible to avoid Rust’s runtime calling