NsJail: A light-weight process isolation tool for Linux
A light-weight process isolation tool that makes use of Linux namespaces and seccomp-bpf syscall filters (with the help of the kafel bpf language).
Programmable seccomp-bpf syscall filters (through the kafel language)
Cloned and isolated Ethernet interfaces
Cgroups for memory and PID utilization control

Isolation with access to a private, cloned interface (requires root/setuid)
PS: You'll need to have a valid file-system tree in /chroot.

A more complex setup, which utilizes virtualized (cloned) Ethernet interfaces (to separate it from the main network namespace), can be found in configs/firefox-with-cloned-net.cfg.