I recently learned about nsjail, a utility to sandbox applications or provide workload isolation.
It seems to be lighter weight than firejail and possibly better suited for server applications.
Has anyone used this? What’s your experience with it? I’m curious about using it for my web server applications as an additional layer of Dr hotty.
You must log in or # to comment.
server applications
Note that systemd can use most if not all of the isolation features nsjail lists in the readme already for services it manages.
