[$] Filesystem sandboxing with eBPF

Running untrusted code in a safe manner is generally the goal of sandboxingefforts. The sandbox technique presented by Georgia Tech PhD studentAshish Bijlani at Open Source Summit Europe 2019 is no exception. He has used something of a novelscheme to allow unprivileged code to implement the sandbox policies usingBPF; the policies are then enforced by the kernel.