linux-namespaces

A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.

Jail-shell is a linux security tool mainly using chroot, namespaces technologies, limiting users to perform specific commands, and access sepcific directories.

Judging daemon for programming contests

Works with Linux namespaces througth glibc with pure python

Control plane for system processes

StemJail: Dynamic Role Compartmentalization

an Erlang library for interacting with Unix processes

Process isolation for Linux using namespaces, resource limits, landlock and seccomp.

Understand how linux containers works with practical examples

A lightweight process isolation tool, requiring absolutely no privileges to run

A minimal sandboxing tool

Easy Application Sandboxing on NixOS

A GNU/Linux specific toolkit for making and managing jails which are OS level virtualization containers. Implemented using shell scripts with chroot, linux namespaces, pivot_root and embedded into busybox.

Joblet is a micro-container runtime for running Linux jobs with: Process and filesystem isolation (PID namespace, chroot) Fine-grained CPU, memory, and IO throttling (cgroups v2) Secure job execution with mTLS and RBAC Built-in scheduler, SSE log streaming, and multi-core pinning Ideal for: Agentic AI Systems HPC Workloads Untrusted code

Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes

Example programs and articles to study Linux namespaces

A minimal rootless container runtime on Linux

A chroot jail for online judge

haskell library to work with linux namespaces

Python library to control Linux kernel namespaces