About this question

Seccomp Sandbox for Strategy

Hard · systems · Quant Developer interview question · systems, linux, security, low-latency, c++

High-frequency trading systems often employ process sandboxing to mitigate the risk of rogue algorithms executing unauthorized system operations, such as opening network connections or accessing sensitive files. Seccomp-BPF (Secure Computing with Berkeley Packet Filter) provides a mechanism to strictly filter system calls at the kernel level, ensuring strategies operate within a defined safety perimeter. Task Implement the StrategySandbox class with a method enforce() that installs a Seccomp-BP