Comment by arianvanp, a day ago

Sandboxing like gVisor is based on syscalls, and io_uring makes your code syscall-less.