|
|
|
|
|
|
by moosingin3space
3172 days ago
|
|
|
This tool is lighter-weight than firejail. nsjail seems to be a thin abstraction over Linux namespaces, while firejail contains profiles for common desktop applications and some X hackery to enable jailing of GUI programs. |
|
|
Yup, nsjail doesn't have X hacks (I should work on that), though it offers some profiles for Apache-like type of applications:
https://github.com/google/nsjail/tree/master/configs
I believe nsjail uses one of the most advanced (if not the most advanced) seccomp-bpf config language - kafel: https://github.com/google/kafel