tr1pd
Introduce mlock for ephemeral secret keys
This prevents a situation where the ephemeral private keys are written to the swapfile.
This requires an additional syscall in the existing seccomp filter and also needs --cap-add=IPC_LOCK
for Docker. In the latter case it might make sense to make this feature opt-out-able.
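A sketch of the locking described above, added here as an illustration and not taken from tr1pd's code: a page-aligned key buffer that is `mlock`ed, with a policy switch that models the opt-out. The names `secret_alloc`, `secret_free`, `struct secret_buf` and `enum lock_policy` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names; LOCK_DISABLED models the opt-out discussed above. */
enum lock_policy { LOCK_REQUIRED, LOCK_BEST_EFFORT, LOCK_DISABLED };

struct secret_buf {
    unsigned char *data; /* page-aligned key storage */
    size_t len;          /* usable bytes */
    size_t mapped;       /* allocated bytes, a whole number of pages */
    int locked;          /* 1 if mlock() succeeded */
    int lock_errno;      /* errno of a failed mlock(), else 0 */
};

/* Whole pages are allocated so the lock covers only key material.
 * mlock/munlock must also be allowed by the process's seccomp filter. */
int secret_alloc(struct secret_buf *s, size_t len, enum lock_policy policy) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    memset(s, 0, sizeof *s);
    if (len == 0) return -1;
    s->mapped = (len + page - 1) / page * page;
    s->data = aligned_alloc(page, s->mapped);
    if (!s->data) { s->mapped = 0; return -1; }
    memset(s->data, 0, s->mapped);
    s->len = len;
    if (policy == LOCK_DISABLED) return 0;
    if (mlock(s->data, s->mapped) == 0) { s->locked = 1; return 0; }
    /* Typically EPERM or ENOMEM: no CAP_IPC_LOCK and RLIMIT_MEMLOCK too low. */
    s->lock_errno = errno;
    if (policy == LOCK_BEST_EFFORT) return 0; /* run unlocked, caller may warn */
    free(s->data);
    s->data = NULL;
    return -1;
}

/* Wipe through a volatile pointer so the stores are not optimised away,
 * and only then let the pages become swappable again. */
void secret_free(struct secret_buf *s) {
    if (!s->data) return;
    volatile unsigned char *p = s->data;
    for (size_t i = 0; i < s->mapped; i++) p[i] = 0;
    if (s->locked) munlock(s->data, s->mapped);
    free(s->data);
    memset(s, 0, sizeof *s);
}
```

With `LOCK_BEST_EFFORT` a container started without `--cap-add=IPC_LOCK` still runs, and `lock_errno` tells the caller why the key is not locked so it can log a warning.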