nsjail
C++
★ 4.0k
updated 3d ago
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
No plain-English explanation yet — one is being written right now. Check back in a minute.