sydbox 介绍
sydbox is a ptrace-based sandbox implementation. It intercepts system calls,
checks for allowed filesystem prefixes, and denies them when checks fail. It
has basic support for disallowing network connections. It has basic support to
sandbox execve calls. It is based in part on catbox and strace.