PRoot — chroot, mount --bind, and binfmt_misc without privilege/setup

"PRoot is a user-space implementation of chroot, mount --bind, and binfmt_misc." It is built on top of ptrace and qemu-user, which implies that it has the usual limitations of both.

to chroot container emulation namespace ptrace qemu ... on 22 March 2015

System Hardening - The Chromium Projects

A nice overview of all the application hardening facilities used on ChromiumOS.

to chromium container hardening linux sandbox security ... on 22 July 2014

Rami Rosen

Some good presentations on Linux container facilities. (Horrid JavaScript-based site, though.)

to container linux programming sandbox security ... on 11 July 2014

google/lmctfy

"lmctfy is the open source version of Google’s container stack, which provides Linux application containers."

to cgroup container linux software ... on 01 December 2013