US urges its citizens to leave Israel immediately amid strike threat to Iran

Source: fast资讯

The code runs as a standard Linux process. Seccomp acts as a strict allowlist filter, reducing the set of permitted system calls. However, any allowed syscall still executes directly against the shared host kernel. Once a syscall is permitted, the kernel code processing that request is the exact same code used by the host and every other container. The failure mode here is that a vulnerability in an allowed syscall lets the code compromise the host kernel, bypassing the namespace boundaries.

I thought it was time to try a similar experiment myself, one that would take one or two hours at max, and that was compatible with my Claude Code Max plan: I decided to write a Z80 emulator, and then a ZX Spectrum emulator (and even more, a CP/M emulator, see later) in a condition that I believe makes more sense as a “clean room” setup. The result can be found here: https://github.com/antirez/ZOT.

Job opportunities in Antarctica are here again

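“I think it is an honor and a privilege to be able to take part in something so remarkable, and to have the chance to spend time with someone I consider truly extraordinary. Please note, I mean nothing else by this; I simply regard him as a very distinguished former president.”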

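Article 8: Where an act violating public security administration causes harm to another person, in addition to the public security administration penalty imposed under this Law, the perpetrator or their guardian shall also bear civil liability in accordance with the law.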

Tarkovsky's spiritual musings from his last 16 years