How does this compare to firejail?
Is this what I should use if I want to intercept filesystem calls (and rewrite them, or generate on the fly the file that is about to be accessed)? Something else I should look into for this purpose?
Is there a minimum required kernel version? How does it compare to proot?
We use proot in our build pipeline and it would be interesting to look into alternatives.
This seems to be almost exactly like systemd-nspawn other than the ability to write seccomp policies in kafel.
Are there any other notable differences?
I've been using nsjail in production with good success lately. It's a solid tool.
Thank you authors! Really appreciate your work on this project.
I have become conditioned by seeing so many JavaScript frameworks reach the front page over the years that I parsed this as 'JsNail' on first glance.
This seems very similar to Bubblewrap: https://github.com/projectatomic/bubblewrap