PRoot — chroot, mount --bind, and binfmt_misc without privilege/setup edit / delete

"PRoot is a user-space implementation of chroot, mount --bind, and binfmt_misc." Done on top of ptrace and qemu-user, which implies that it'll have the usual limitations of those.

to chroot container emulation namespace ptrace qemu ... on 22 March 2015

System Hardening - The Chromium Projects edit / delete

A nice overview of all the application hardening facilities used on ChromiumOS.

to chromium container hardening linux sandbox security ... on 22 July 2014

Rami Rosen edit / delete

Some good presentations on Linux container facilities. (Horrid Javascript-based site, though.)

to container linux programming sandbox security ... on 11 July 2014

google/lmctfy edit / delete

"lmctfy is the open source version of Google’s container stack, which provides Linux application containers."

to cgroup container linux software ... on 01 December 2013

Browser bookmarks: tasty+ | tasty= Log in | Export | Atom