Show HN: Z-Jail – A 130 KB Linux sandbox-C99 with 7 defense layers and zero deps

Zierax 21 points 23 comments July 01, 2026
github.com · View on Hacker News

Discussion Highlights (4 comments)

Kaxo

The seccomp-BPF rules seem almost unusably strict. What is this even designed to be used to run?

abtinf

Setting aside that this seems to be pure slop, what’s with all the empty commits?

SwellJoe

I don't think I'm ready to trust very security sensitive functions to pure vibe-coded software, and that's what this seems to be? Certainly the README is authored by an LLM, and there's a gazillion empty commits and other weirdness that indicates no human is in the loop. It looks like a loop engineered this software. Models have gotten good, but c'mon. Good idea, maybe even a good implementation, but I don't have confidence in it, and you've got to have confidence in a project that claims to provide security. Also, even the best models still regularly write C security bugs. It doesn't make sense to have a model write C code when having it write in a memory safe language is only slightly more effort/cost.

tosti

Who the F* runs a minimizer on friggin C sources? And it's inconsistent too. Security-related code should be readable and auditable.

Semantic search powered by Rivestack pgvector
14,015 stories · 131,331 chunks indexed