seccomp support
It would be nice, if we could build knot-resolver with seccomp support which should reduce attack surface by filtering syscalls.
Note: similar approach for hardening was made to dnsmasq by google zero team (but it's not merged into upstream yet)
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html