A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.

Jail-shell is a linux security tool mainly using chroot, namespaces technologies, limiting users to perform specific commands, and access sepcific directories.

Judging daemon for programming contests

Works with Linux namespaces througth glibc with pure python

Control plane for system processes

StemJail: Dynamic Role Compartmentalization

an Erlang library for interacting with Unix processes

Process isolation for Linux using namespaces, resource limits and seccomp.

A lightweight process isolation tool, requiring absolutely no privileges to run

Understand how linux containers works with practical examples

A minimal sandboxing tool

A GNU/Linux specific toolkit for making and managing jails which are OS level virtualization containers. Implemented using shell scripts with chroot, linux namespaces, pivot_root and embedded into busybox.

Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes

Example programs and articles to study Linux namespaces

A minimal rootless container runtime on Linux

A chroot jail for online judge

haskell library to work with linux namespaces

Python library to control Linux kernel namespaces

Easy Application Sandboxing

Generate runlets from containerized Unix processes