I recently learned about nsjail, a utility to sandbox applications or provide workload isolation.
It seems to be lighter weight than firejail and possibly better suited for server applications.
Has anyone used this? What’s your experience with it? I’m curious about using it for my web server applications as an additional layer of Dr hotty.
Note that systemd can use most if not all of the isolation features nsjail lists in the readme already for services it manages.
I’ve been curious about that. I use openRC, so I don’t have access to systemd. Not out of any systemd conspiracies, I just liked simplicity of openRC.
Ah, yeah openrc is nice and I used it for a long time with gentoo, but it does lack a lot of the useful features like this one.