A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
翻译 - 轻量级进程隔离工具,利用Linux名称空间和seccomp-bpf syscall过滤器(借助kafel bpf语言)
Jail-shell is a linux security tool mainly using chroot, namespaces technologies, limiting users to perform specific commands, and access sepcific directories.
Judging daemon for programming contests
Works with Linux namespaces througth glibc with pure python
Control plane for system processes
StemJail: Dynamic Role Compartmentalization
an Erlang library for interacting with Unix processes
Process isolation for Linux using namespaces, resource limits and seccomp.
Understand how linux containers works with practical examples
A lightweight process isolation tool, requiring absolutely no privileges to run
A GNU/Linux specific toolkit for making and managing jails which are OS level virtualization containers. Implemented using shell scripts with chroot, linux namespaces, pivot_root and embedded into bus...
Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes
Example programs and articles to study Linux namespaces
haskell library to work with linux namespaces
Python library to control Linux kernel namespaces
TIO Runtime