`qssb.h` is a simple header-only library that wants to provides an interface to sandbox applications on Linux. Using Seccomp and Linux Namespaces for that purpose requires some knowledge of annoying details which this library aims to abstract away as much as possible, when reasonable.
Hence, the goal is to provide an easy way to processes to restrict themselves in order to mitigate the effect of exploits. Currently, it utilizes technologies like Seccomp, Namespaces and Landlock to achieve this end.
In the end, sandboxing must be considered in the software architecture, e. g. by employing the common multi-process model that offloads certain computations to individual, restricted processes. This library does not directly address those architecture related questions.
## Status
No release yet, expiremental, API is unstable, builds will break on updates of this library.