I recently learned about nsjail, a utility to sandbox applications or provide workload isolation.

It seems to be lighter weight than firejail and possibly better suited for server applications.

Has anyone used this? What’s your experience with it? I’m curious about using it for my web server applications as an additional layer of Dr hotty.

  • 2xsaiko@discuss.tchncs.de
    2 months ago

    server applications

    Note that systemd can use most if not all of the isolation features nsjail lists in the readme already for services it manages.

    • matcha_addict@lemy.lolOP
      2 months ago

      I’ve been curious about that. I use OpenRC, so I don’t have access to systemd. Not out of any systemd conspiracies, I just liked the simplicity of OpenRC.

      • 2xsaiko@discuss.tchncs.de
        2 months ago

        Ah, yeah, OpenRC is nice and I used it for a long time with Gentoo, but it does lack a lot of the useful features like this one.